osynapsy/csrf
=============

Osynapsy CSRF protection package providing simple nonce + token generation for secure forms and actions.

Version 1.0 (6mo ago) · MIT · PHP >=8.0.0

[Source](https://github.com/osynapsy/csrf) | [Packagist](https://packagist.org/packages/osynapsy/csrf) | [Docs](http://www.osynapsy.net/assert)


Osynapsy CSRF Protection
========================

A lightweight and simple CSRF protection package for Osynapsy forms and actions.
Provides a stateless, HMAC-based token system to secure sensitive POST operations.

---

Features
--------

- Generate CSRF tokens (`nonce` + `token`) for forms.
- Easy integration with Osynapsy `Form` components.
- Optional check in actions extending `AbstractAction`.
- Minimal and explicit: only enable CSRF where necessary.
- No session overhead, fully stateless.

---

Installation
------------

Install via Composer:

```
composer require osynapsy/csrf
```

Usage
-----

### Adding CSRF fields to a form

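```
use Osynapsy\Csrf\FormCsrf;

$form = new \MyProject\Form\UserEditForm();
// Call the imported class; a leading backslash would resolve to a global \FormCsrf.
// The second argument is the CSRF secret, read here from the environment.
FormCsrf::apply($form, $_ENV['CSRF_SECRET']);
```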

This will add two hidden fields to your form:

- `csrf_nonce`
- `csrf_token`

### Checking CSRF in an action

Extend your action from `Osynapsy\Csrf\Action\AbstractAction`:

```
public function execute()
{
    $this->checkCsrf(); // Validates the CSRF token and nonce

    // Your action logic here
}
```

The check will throw an exception if the CSRF token is missing or invalid.
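
A stateless nonce + token check of the kind described above, as an added example; it is not the package's own code. The function names, the expiry-prefixed nonce and the `$binding` value (for example a session identifier) are assumptions; only the field names `csrf_nonce` and `csrf_token` come from this README.

```php
<?php
// Hypothetical helpers, not the osynapsy/csrf API. Assumed layout:
// nonce = "<unix expiry>.<random hex>", token = HMAC-SHA256(secret, binding|nonce).
function csrfIssue(string $secret, string $binding, int $ttl = 900, ?int $now = null): array
{
    $nonce = (($now ?? time()) + $ttl) . '.' . bin2hex(random_bytes(16));
    return [
        'csrf_nonce' => $nonce,
        'csrf_token' => hash_hmac('sha256', $binding . '|' . $nonce, $secret),
    ];
}

function csrfCheck(array $post, string $secret, string $binding, ?int $now = null): void
{
    $nonce = $post['csrf_nonce'] ?? null;
    $token = $post['csrf_token'] ?? null;
    if (!is_string($nonce) || !is_string($token)) {
        throw new RuntimeException('CSRF fields missing');
    }
    // Recompute the MAC over the submitted nonce and compare in constant time.
    $expected = hash_hmac('sha256', $binding . '|' . $nonce, $secret);
    if (!hash_equals($expected, $token)) {
        throw new RuntimeException('CSRF token invalid');
    }
    // The expiry is trusted only after the MAC has authenticated the nonce.
    $expiry = (int) explode('.', $nonce, 2)[0];
    if ($expiry < ($now ?? time())) {
        throw new RuntimeException('CSRF token expired');
    }
}

// Constructed sample values; the clock is fixed so the outcome is repeatable.
$secret = 'constructed-example-secret';
$fields = csrfIssue($secret, 'session-A', 900, 1700000000);
$cases = [
    'valid'          => [$fields, 'session-A', 1700000100],
    'other session'  => [$fields, 'session-B', 1700000100],
    'expired'        => [$fields, 'session-A', 1700001000],
    'tampered nonce' => [['csrf_nonce' => '9999999999.00'] + $fields, 'session-A', 1700000100],
    'missing token'  => [['csrf_nonce' => $fields['csrf_nonce']], 'session-A', 1700000100],
];
foreach ($cases as $name => [$post, $binding, $now]) {
    try {
        csrfCheck($post, $secret, $binding, $now);
        echo "$name: accepted\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

In this sketch the binding is what ties a token to one user: with it removed from the MAC input, any token the server has issued would verify for every visitor until it expires.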

### Security Notes

- Only enable CSRF on forms that perform sensitive POST operations.
- Use HTTPS and set secure cookies for sessions.
- Keep `SECRET_KEY` secret and unique per project.
- The package is stateless, so no server-side session storage is required.

### Classes

- `Osynapsy\Csrf\Token` – Generates and verifies CSRF tokens.
- `Osynapsy\Csrf\FormCsrf` – Helper to apply CSRF fields to a form.
- `Osynapsy\Csrf\Action\AbstractAction` – Base action with `checkCsrf()` method.

License
-------

MIT licence

### Alternatives

- [aura/session](/packages/aura-session): Provides session management functionality, including lazy session starting, session segments, next-request-only ("flash") values, and CSRF tools.
- [paragonie/anti-csrf](/packages/paragonie-anti-csrf): Paragon Initiative's Anti-CSRF Security Library
- [owasp/csrf-protector-php](/packages/owasp-csrf-protector-php): CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.
- [kunststube/csrfp](/packages/kunststube-csrfp): A signed token generator for cross site request forgery protection.
- [riimu/kit-csrf](/packages/riimu-kit-csrf): Secure and simple CSRF library protected against timing and BREACH attacks
- [ayesh/stateless-csrf](/packages/ayesh-stateless-csrf): Secret-key based state-less CSRF token generator and validator for PHP 8. State-less means you do not have to store the CSRF token in session or database.
