PHPackages                             jerfeson/slim-csrf - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. jerfeson/slim-csrf

ActiveLibrary[Framework](/categories/framework)

jerfeson/slim-csrf
==================

Slim Framework 4 CSRF protection PSR-15 middleware

1.0.0(6y ago)011MITPHPPHP ^7.1

Since Mar 31Pushed 5y agoCompare

[ Source](https://github.com/jerfeson/Slim-Csrf)[ Packagist](https://packagist.org/packages/jerfeson/slim-csrf)[ Docs](http://slimframework.com)[ RSS](/packages/jerfeson-slim-csrf/feed)WikiDiscussions master Synced 2d ago

READMEChangelogDependencies (7)Versions (17)Used By (0)

Slim Framework CSRF Protection
==============================

[](#slim-framework-csrf-protection)

[![Build Status](https://camo.githubusercontent.com/59d68b114e426e1336e51fa6794d65ff4d41e6c167db7929dca80860e35b3d67/68747470733a2f2f7472617669732d63692e6f72672f736c696d7068702f536c696d2d437372662e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/slimphp/Slim-Csrf)[![Coverage Status](https://camo.githubusercontent.com/9af5113873f59dee701f9abc6195bc70df77bd44a8dbefc16ad911fef966157e/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f736c696d7068702f536c696d2d437372662f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/slimphp/Slim-Csrf?branch=master)

This repository contains a Slim Framework CSRF protection PSR-15 middleware. CSRF protection applies to all unsafe HTTP requests (POST, PUT, DELETE, PATCH).

You can fetch the latest CSRF token's name and value from the Request object with its `getAttribute()` method. By default, the CSRF token's name is stored in the `csrf_name` attribute, and the CSRF token's value is stored in the `csrf_value` attribute.

Install
-------

[](#install)

Via Composer

```
$ composer require slim/csrf
```

Requires Slim 4.0.0 or newer.

Usage
-----

[](#usage)

In most cases you want to register Slim\\Csrf for all routes, however, as it is middleware, you can also register it for a subset of routes.

### Register for all routes

[](#register-for-all-routes)

```
use DI\Container;
use Slim\Csrf\Guard;
use Slim\Factory\AppFactory;

require __DIR__ . '/vendor/autoload.php';

// Start PHP session
session_start();

// Create Container
$container = new Container();
AppFactory::setContainer($container);

// Create App
$app = AppFactory::create();
$responseFactory = $app->getResponseFactory();

// Register Middleware On Container
$container->set('csrf', function () use ($responseFactory) {
    return new Guard($responseFactory);
});

// Register Middleware To Be Executed On All Routes
$app->add('csrf');

$app->get('/foo', function ($request, $response, $args) {
    // CSRF token name and value
    $csrf = $this->get('csrf');
    $nameKey = $csrf->getTokenNameKey();
    $valueKey = $csrf->getTokenValueKey();
    $name = $request->getAttribute($nameKey);
    $value = $request->getAttribute($valueKey);

    /*
       Render HTML form which POSTs to /bar with two hidden input fields for the
       name and value: