Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/secit-pl/advanced-form-token-bundle
Advanced Symfony form token implementation
https://github.com/secit-pl/advanced-form-token-bundle
Last synced: about 1 month ago
JSON representation
Advanced Symfony form token implementation
- Host: GitHub
- URL: https://github.com/secit-pl/advanced-form-token-bundle
- Owner: secit-pl
- License: mit
- Created: 2017-10-27T08:10:42.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2018-12-05T08:18:46.000Z (about 6 years ago)
- Last Synced: 2024-05-12T01:40:52.120Z (8 months ago)
- Language: PHP
- Homepage:
- Size: 14.6 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Advanced Symfony Form Token
This bundle provides the advanced form token implementation for Symfony 2.8 and 3.0+.
## Features
- JavaScript version of the core form token
- JavaScript code obfuscation (requires external libraries)
## Installation
From the command line run
```
$ composer require secit-pl/advanced-form-token-bundle
```
Update your AppKernel by adding the bundle declaration
```php
class AppKernel extends Kernel
{
public function registerBundles()
{
$bundles = [
...
new SecIT\AdvancedFormTokenBundle\AdvancedFormTokenBundle(),
];
...
}
}
```
## Usage
By default this bundle is disabled for all forms. You can enable it globally or for a single form.
#### Simgle form usage
To enable the JavaScript token just add the `javascript_csrf_protection` to the form defaults.
```php
setDefaults([
'javascript_csrf_protection' => true, // enable the JavaScript form token
...
]);
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
...
}
}
```
Here is the list of possible options used by JavaScript form token. Most of them works the same like the native Symfony form token options.
**javascript_csrf_protection** - default: false - is JavaScript form token enabled?
**javascript_csrf_field_name** - deafult: _jstoken - the token form field name
**javascript_csrf_message** - The error message displayed if the form token is invalid
**javascript_csrf_javascript_obfuscator'** - deafult: null - The obfuscator class used to obfuscate generated token JavaScript code
#### Global configuration
config.yml
```yaml
advanced_form_token:
javascript_token:
enabled: ~ # default false - is JavaScript form token enabled for all forms?
field_name: ~ # deafult: _jstoken - the token form field name for all forms
javascript_obfuscator: ~ # deafult: null - The obfuscator class used to obfuscate generated token JavaScript code for all forms
```
#### JavaScript obfuscator
By default generated JavaScript code is not obfuscated. To enable it you need to define the obfuscator class which should
be used for this operation. This class should implements the `SecIT\AdvancedFormTokenBundle\JavaScript\ObfuscatorInterface`.
Current version provides one ready to use obfuscator `SecIT\AdvancedFormTokenBundle\JavaScript\TholuPhpPackerObfuscator` which
requires that you have already installed the https://github.com/tholu/php-packer. This package in not installed by default
due to the fact that it uses the LGPL-2.1 license thich is not fully compatible with MIT license used by this bundle.
To enable the obfuscator for a single form set the `javascript_csrf_javascript_obfuscator` option to the `SecIT\AdvancedFormTokenBundle\JavaScript\TholuPhpPackerObfuscator` value.
In most cases you'd like to have obfuscator enabled for all JavaScript token forms so the best way will be to set it up
globally in your `config.yml`:
```yaml
advanced_form_token:
javascript_token:
javascript_obfuscator: SecIT\AdvancedFormTokenBundle\JavaScript\TholuPhpPackerObfuscator
```
From now TholuPhpPackerObfuscator will randomly obfuscate the JavaScript code generated for each form token.