
uniondev/csrf-route-bundle
==========================

Symfony bundle which provides a simple way to add CSRF tokens to routes


[Source](https://github.com/uniondevru/csfr-bundle) | [Packagist](https://packagist.org/packages/uniondev/csrf-route-bundle)


GenedysCsrfRouteBundle
======================


This [Symfony3](http://symfony.com) bundle provides a route annotation and route options to secure routes against [CSRF attacks](http://en.wikipedia.org/wiki/Cross-site_request_forgery) without using forms.


Installation
------------


Use [Composer](http://getcomposer.org) to install the bundle:

`composer require genedys/csrf-route-bundle`

or add the following line to your `composer.json` file:

```
    "require": {
        ...
        "genedys/csrf-route-bundle": "^3.0",
        ...
    }
```

Then, register the bundle in your application's `bundles.php` file:

```
    // bundles.php
    return [
        // ...
        Genedys\CsrfRouteBundle\GenedysCsrfRouteBundle::class => ['all' => true],
        // ...
    ];
```

Configuration
-------------

Configuration reference:

```
genedys_csrf_route:
    enabled: true
    field_name: _token
```

- **enabled**: Enable or disable the token verification (default: `true`);
- **field_name**: The name of the field appended to route URLs (default: `_token`).

Usage
-----

To use this package, you only need to add some configuration to the routes you want to protect.

The bundle adds a router which appends a token query parameter on route generation, and a controller listener which validates the token on called routes.

### Options configuration

The bundle checks controller calls and searches for a `csrf_token` option. The available parameters for this option are:

- `token`: The token parameter name (by default `_token`).
- `intention`: The token intention. Different intentions generate different tokens (by default `null`, which resolves to the route name).
- `methods`: The HTTP method(s) for which the CSRF token is validated (by default `GET`).

```
# app/config/routing.yml
homepage:
    ...
    # Route options are a mapping keyed by option name, not a list
    options:
        csrf_token:
            token: '_token'
            intention: null
            methods: [GET]
```

You can also simply set the `csrf_token` option to `true` to use the default parameters.

```
# app/config/routing.yml
homepage:
    ...
    options: { csrf_token: true }
```
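
A stand-alone model of the mechanism described above (token appended at URL generation, then checked by a listener), added here as an example; it is not the bundle's code. The function names and the HMAC-based token derivation are assumptions, as is the reading that methods not listed in `methods` pass without a check.

```php
<?php
// Added illustration, NOT the bundle's code: every function name is hypothetical
// and the HMAC token derivation is an assumption made for this sketch.

// One token per (session secret, intention) pair.
function routeToken(string $secret, string $intention): string
{
    return hash_hmac('sha256', $intention, $secret);
}

// Router side: append the token as a query parameter when a URL is generated.
function generateUrl(string $path, string $route, array $opts, string $secret): string
{
    $field = $opts['token'] ?? '_token';
    $intention = $opts['intention'] ?? $route; // null intention falls back to the route name
    $sep = strpos($path, '?') === false ? '?' : '&';
    return $path . $sep . http_build_query([$field => routeToken($secret, $intention)]);
}

// Listener side: check the token before the controller runs.
function isRequestAllowed(string $method, array $query, string $route, array $opts, string $secret): bool
{
    if (!in_array(strtoupper($method), $opts['methods'] ?? ['GET'], true)) {
        return true; // assumption: methods outside `methods` are not validated
    }
    $given = $query[$opts['token'] ?? '_token'] ?? '';
    $expected = routeToken($secret, $opts['intention'] ?? $route);
    return is_string($given) && hash_equals($expected, $given); // constant-time compare
}

// Constructed sample data: a per-session secret and the default option values.
$secret = bin2hex(random_bytes(32));
$opts = ['token' => '_token', 'intention' => null, 'methods' => ['GET']];

$url = generateUrl('/item/42/delete', 'item_delete', $opts, $secret);
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

var_dump(isRequestAllowed('GET', $query, 'item_delete', $opts, $secret)); // token from the generated URL
var_dump(isRequestAllowed('GET', [], 'item_delete', $opts, $secret));     // token missing
var_dump(isRequestAllowed('GET', $query, 'item_edit', $opts, $secret));   // token minted for another route
var_dump(isRequestAllowed('POST', [], 'item_delete', $opts, $secret));    // POST is not in `methods`
```

In this model the last call passes without any token, which is why `methods` should list every HTTP method a protected route accepts.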

### Annotation configuration

If you use annotations to configure your routes, the easiest way is to add an additional annotation to the sensitive actions:

```
