PHPackages davidecesarano/embryo-csrf - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. davidecesarano/embryo-csrf ActiveLibrary davidecesarano/embryo-csrf ========================== PSR-15 middleware to prevent CSRF. 1791PHP Since Jan 29Pushed 7y ago2 watchersCompare [ Source](https://github.com/davidecesarano/Embryo-CSRF)[ Packagist](https://packagist.org/packages/davidecesarano/embryo-csrf)[ RSS](/packages/davidecesarano-embryo-csrf/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependenciesVersions (1)Used By (0) Embryo CSRF =========== [](#embryo-csrf) A PSR-15 compatible middleware to prevent CSRF. This middleware checks every POST, PATCH, PUT and DELETE requests for a CSRF token. The token is stored in session request attribute. Requirements ------------ [](#requirements) - PHP >= 7.1 - A [PSR-7](https://www.php-fig.org/psr/psr-7/) http message implementation and [PSR-17](https://www.php-fig.org/psr/psr-17/) http factory implementation (ex. [Embryo-Http](https://github.com/davidecesarano/Embryo-Http)) - A [PSR-15](https://www.php-fig.org/psr/psr-15/) http server request handlers implementation (ex. [Embryo-Middleware](https://github.com/davidecesarano/Embryo-Middleware)) - A PSR-15 session middleware (Ex. [Embryo-Session](https://github.com/davidecesarano/Embryo-Session)) - A PSR response emitter (ex. [Embryo-Emitter](https://github.com/davidecesarano/Embryo-Emitter)) Installation ------------ [](#installation) Using Composer: ``` $ composer require davidecesarano/embryo-csrf ``` Usage ----- [](#usage) Add `Embryo\CSRF\CsrfMiddleware` to middleware dispatcher: ``` use Embryo\Http\Emitter\Emitter; use Embryo\Http\Server\RequestHandler; use Embryo\Http\Factory\{ServerRequestFactory, ResponseFactory}; use Embryo\CSRF\CsrfMiddleware; $request = (new ServerRequestFactory)->createServerRequestFromServer(); $response = (new ResponseFactory)->createResponse(); $session = new Session; $middleware = new RequestHandler; $emitter = new Emitter; // example: generate form input class GenerateInputMiddleware implements MiddlewareInterface { public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { $response = $handler->handle($request); $session = $request->getAttribute('session'); $token = $session->get('csrf_token'); return $response->write(''); } } // SessionMiddleware $middleware->add( (new SessionMiddleware) ->setSession($session) ->setOptions([ 'use_cookies' => false, 'use_only_cookies' => true ]) ); // CsrfMiddleware $middleware->add(CsrfMiddleware::class); // GenerateInputMiddleware $middleware->add(GenerateInputMiddleware::class); $response = $middleware->dispatch($request, $response); $emitter->emit($response); ``` You may quickly test this using the built-in PHP server going to . ``` $ cd example $ php -S localhost:8000 ``` Options ------- [](#options) ### `setSessionRequestAttribute(string $sessionRequestAttribute)` [](#setsessionrequestattributestring-sessionrequestattribute) Set session request attribute. If it's not provided, use `$request->getAttribute('session')`. ### `setFormInputName(string $formInputName)` [](#setforminputnamestring-forminputname) Set the form input name. If it's not provided, use `csrf_token`. ### `setSessionKey(string $sessionKey)` [](#setsessionkeystring-sessionkey) Set the session key. If it's not provided, use `$session->get('csrf_token')`. ### `setLimit(int $limit)` [](#setlimitint-limit) Set limit the number of token to store in the session. If it's not provided, is `5`. ### Health Score 21 — LowBetter than 19% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community9 Small or concentrated contributor base Maturity38 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://avatars.githubusercontent.com/u/16277144?v=4)[Davide Cesarano](/maintainers/davidecesarano)[@davidecesarano](https://github.com/davidecesarano) --- Top Contributors [![davidecesarano](https://avatars.githubusercontent.com/u/16277144?v=4)](https://github.com/davidecesarano "davidecesarano (10 commits)") --- Tags csrfmiddlewarephppsr-15 ### Embed Badge ![Health badge](/badges/davidecesarano-embryo-csrf/health.svg) ``` [![Health](https://phpackages.com/badges/davidecesarano-embryo-csrf/health.svg)](https://phpackages.com/packages/davidecesarano-embryo-csrf) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)