PHPackages                             fyre/csrf - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. fyre/csrf

ActiveLibrary[Security](/categories/security)

fyre/csrf
=========

A CSRF protetion library.

v5.0.8(9mo ago)0140↓77.8%13MITPHP

Since Apr 3Pushed 9mo ago1 watchersCompare

[ Source](https://github.com/elusivecodes/FyreCSRF)[ Packagist](https://packagist.org/packages/fyre/csrf)[ RSS](/packages/fyre-csrf/feed)WikiDiscussions main Synced 3w ago

READMEChangelog (10)Dependencies (8)Versions (26)Used By (3)

FyreCSRF
========

[](#fyrecsrf)

**FyreCSRF** is a free, open-source CSRF protection library for *PHP*.

Table Of Contents
-----------------

[](#table-of-contents)

- [Installation](#installation)
- [Basic Usage](#basic-usage)
- [Methods](#methods)
- [Middleware](#middleware)

Installation
------------

[](#installation)

**Using Composer**

```
composer require fyre/csrf

```

In PHP:

```
use Fyre\Security\CsrfProtection;
```

Basic Usage
-----------

[](#basic-usage)

- `$container` is a [*Container*](https://github.com/elusivecodes/FyreContainer).
- `$config` is a [*Config*](https://github.com/elusivecodes/FyreConfig).

```
$csrfProtection = new CsrfProtection($container, $config);
```

Default configuration options will be resolved from the "*Csrf*" key in the [*Config*](https://github.com/elusivecodes/FyreConfig).

- `$options` is an array containing the configuration options.
    - `cookie` is an array containing CSRF cookie options.
        - `name` is a string representing the cookie name, and will default to "*CsrfToken*".
        - `expires` is a number representing the cookie lifetime, and will default to 0.
        - `domain` is a string representing the cookie domain, and will default to "".
        - `path` is a string representing the cookie path, and will default to "*/*".
        - `secure` is a boolean indicating whether to set a secure cookie, and will default to *true*.
        - `httpOnly` is a boolean indicating whether to the cookie should be HTTP only, and will default to *false*.
        - `sameSite` is a string representing the cookie same site, and will default to "*Lax*".
    - `salt` is a string representing the CSRF session key and will default to "*\_csrfToken*".
    - `field` is a string representing the CSRF token field name, and will default to "*csrf\_token*".
    - `header` is a string representing the CSRF token header name, and will default to "*Csrf-Token*".
    - `skipCheck` is a *Closure* that accepts a [*ServerRequest*](https://github.com/elusivecodes/FyreServer#server-requests) as the first argument.

```
$container->use(Config::class)->set('Csrf', $options);
```

**Autoloading**

It is recommended to bind the *CsrfProtection* to the [*Container*](https://github.com/elusivecodes/FyreContainer) as a singleton.

```
$container->singleton(CsrfProtection::class);
```

Any dependencies will be injected automatically when loading from the [*Container*](https://github.com/elusivecodes/FyreContainer).

```
$csrfProtection = $container->use(CsrfProtection::class);
```

Methods
-------

[](#methods)

**Before Response**

Update the [*ClientResponse*](https://github.com/elusivecodes/FyreServer#client-responses) before sending to client.

```
$response = $csrfProtection->beforeResponse($request, $response);
```

**Check Token**

Check CSRF token.

- `$request` is the [*ServerRequest*](https://github.com/elusivecodes/FyreServer#server-requests).

```
$csrfProtection->checkToken($request);
```

**Get Cookie Token**

Get the CSRF cookie token.

```
$cookieToken = $csrfProtection->getCookieToken();
```

**Get Field**

Get the CSRF token field name.

```
$field = $csrfProtection->getField();
```

**Get Form Token**

Get the CSRF form token.

```
$formToken = $csrfProtection->getFormToken();
```

**Get Header**

Get the CSRF token header name.

```
$header = $csrfProtection->getHeader();
```

Middleware
----------

[](#middleware)

```
use Fyre\Security\Middleware\CsrfProtectionMiddleware;
```

- `$csrfProtection` is a *CsrfProtection*.

```
$middleware = new CsrfProtectionMiddleware($csrfProtection);
```

Any dependencies will be injected automatically when loading from the [*Container*](https://github.com/elusivecodes/FyreContainer).

```
$middleware = $container->build(CsrfProtectionMiddleware::class);
```

**Handle**

Handle a [*ServerRequest*](https://github.com/elusivecodes/FyreServer#server-requests).

- `$request` is a [*ServerRequest*](https://github.com/elusivecodes/FyreServer#server-requests).
- `$next` is a *Closure*.

```
$response = $middleware->handle($request, $next);
```

This method will return a [*ClientResponse*](https://github.com/elusivecodes/FyreServer#client-responses).

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance56

Moderate activity, may be stable

Popularity11

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 95.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~52 days

Recently: every ~39 days

Total

25

Last Release

291d ago

Major Versions

v1.0.4 → v2.02023-08-05

v2.0.2 → v3.02023-12-17

v3.1.1 → v4.02024-07-26

v4.2.1 → v5.02024-11-20

### Community

Maintainers

![](https://www.gravatar.com/avatar/fad81fd5941e3a637c8a5749d05ae3ed9314d5e2fee57f59c3d9ec3b41259c6b?d=identicon)[elusivecodes](/maintainers/elusivecodes)

---

Top Contributors

[![elusivecodes](https://avatars.githubusercontent.com/u/18050480?v=4)](https://github.com/elusivecodes "elusivecodes (20 commits)")[![pm-michael](https://avatars.githubusercontent.com/u/49225527?v=4)](https://github.com/pm-michael "pm-michael (1 commits)")

---

Tags

csrfphpprotectionsecurity

###  Code Quality

TestsPHPUnit

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/fyre-csrf/health.svg)

```
[![Health](https://phpackages.com/badges/fyre-csrf/health.svg)](https://phpackages.com/packages/fyre-csrf)
```

###  Alternatives

[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k18.0M134](/packages/mews-purifier)[paragonie/ecc

PHP Elliptic Curve Cryptography library

24772.0k35](/packages/paragonie-ecc)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)