PHPackages                             leafs/csrf - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. leafs/csrf

ActiveLibrary[Framework](/categories/framework)

leafs/csrf
==========

Leaf CSRF security patch for leaf anchor

v0.5.4(1y ago)25.0k↓50%31MITPHP

Since Nov 7Pushed 1y ago1 watchersCompare

[ Source](https://github.com/leafsphp/csrf)[ Packagist](https://packagist.org/packages/leafs/csrf)[ Docs](https://leafphp.netlify.app/#/)[ GitHub Sponsors](https://github.com/leafsphp)[ Fund](https://opencollective.com/leaf)[ RSS](/packages/leafs-csrf/feed)WikiDiscussions main Synced 2d ago

READMEChangelog (8)Dependencies (3)Versions (12)Used By (1)

 [![](https://camo.githubusercontent.com/e83224618735d048f0f70f04e02d7973a634a055e18d47fe22501e3a85e40b9f/68747470733a2f2f6c6561667068702e6e65746c6966792e6170702f6173736574732f696d672f6c656166332d6c6f676f2e706e67)](https://camo.githubusercontent.com/e83224618735d048f0f70f04e02d7973a634a055e18d47fe22501e3a85e40b9f/68747470733a2f2f6c6561667068702e6e65746c6966792e6170702f6173736574732f696d672f6c656166332d6c6f676f2e706e67)

Leaf Anchor CSRF
================

[](#leaf-anchor-csrf)

Leaf PHP
========

[](#leaf-php)

[![Latest Stable Version](https://camo.githubusercontent.com/fa03b28f492bde209a97773651f89829246be58b36505da9de1fd44b47087710/68747470733a2f2f706f7365722e707567782e6f72672f6c656166732f637372662f762f737461626c65)](https://packagist.org/packages/leafs/csrf)[![Total Downloads](https://camo.githubusercontent.com/060ca89c5b4ea6d3f29d5ba8e6b0b5901a61828f1f7e5835412906234109ceec/68747470733a2f2f706f7365722e707567782e6f72672f6c656166732f637372662f646f776e6c6f616473)](https://packagist.org/packages/leafs/csrf)[![License](https://camo.githubusercontent.com/4891263e6bfd9c01653874eac546ce219b07a23afc625ba554900eccb75fe7bf/68747470733a2f2f706f7365722e707567782e6f72672f6c656166732f637372662f6c6963656e7365)](https://packagist.org/packages/leafs/csrf)

> This is an experimental module. Please open an issue if you notice any bugs or malfunctions.

This package is leaf's implementation of a CSRF protection module. It integrates directly with Leaf so there's no need to worry about tweaking your app to make it work.

Setting Up
----------

[](#setting-up)

You can install the CSRF module using the Leaf CLI or Composer.

```
leaf install csrf
```

```
composer require leafs/csrf
```

Basic Usage
-----------

[](#basic-usage)

After installing leaf CSRF, leaf automatically loads the CSRF package for you so you can start using it on the Leaf instance.

```
app()->csrf();
```

If you have any configuration you want to set, you can pass it as an array to the `csrf` method.

```
app()->csrf([
  'methods' => ['POST', 'PUT', 'PATCH', 'DELETE'],
  'except' => ['/', '/webhook'],
  'secret' => 'my-secret-key',
  'messages.tokenNotFound' => 'Token not found',
  'messages.tokenInvalid' => 'Token is invalid',
  'onError' => function () {
    response()->redirect('/error');
  }
]);
```

### Usage outside of leaf

[](#usage-outside-of-leaf)

Most leaf modules can be used outside of leaf and this is no exception. If you decide to use the CSRF module outside of leaf, you will need to manually initialize the package.

```
Leaf\Anchor\CSRF::init();
```

This function generates a token with a secret and a random hash and saves that in a session. If no session exists, the CSRF module will create a session for your app and save the token in that session. You can then pass your configuration as an array to the `config()` method.

```
Leaf\Anchor\CSRF::init();
Leaf\Anchor\CSRF::config([
  ...
]);
```

After initializing the CSRF module, you can then use the `validate()` method as a kind of middleware to check if the CSRF token is valid.

```
Leaf\Anchor\CSRF::validate();
```

Be sure to do this above the rest of your code so that the CSRF module can properly protect your app.

You can find the full documentation for this module on the [Leaf Documentation](https://leafphp.dev/docs/security/csrf).

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance38

Infrequent updates — may be unmaintained

Popularity27

Limited adoption so far

Community18

Small or concentrated contributor base

Maturity47

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 68.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~117 days

Recently: every ~27 days

Total

11

Last Release

530d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/29547806?v=4)[Mychi](/maintainers/Mychi)[@mychi](https://github.com/mychi)

---

Top Contributors

[![mychidarko](https://avatars.githubusercontent.com/u/26604242?v=4)](https://github.com/mychidarko "mychidarko (26 commits)")[![ibnsultan](https://avatars.githubusercontent.com/u/28471267?v=4)](https://github.com/ibnsultan "ibnsultan (8 commits)")[![crosa7](https://avatars.githubusercontent.com/u/32076460?v=4)](https://github.com/crosa7 "crosa7 (2 commits)")[![Awilum](https://avatars.githubusercontent.com/u/477114?v=4)](https://github.com/Awilum "Awilum (1 commits)")[![milosPavic](https://avatars.githubusercontent.com/u/7430264?v=4)](https://github.com/milosPavic "milosPavic (1 commits)")

---

Tags

csrfleafphpphpphpframeworkutilleaf

### Embed Badge

![Health badge](/badges/leafs-csrf/health.svg)

```
[![Health](https://phpackages.com/badges/leafs-csrf/health.svg)](https://phpackages.com/packages/leafs-csrf)
```

###  Alternatives

[leafs/leaf

Elegant PHP for modern developers

1.3k48.6k11](/packages/leafs-leaf)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
