This repository contains a Slim Framework CSRF protection middleware. CSRF protection applies to all unsafe HTTP requests (POST, PUT, DELETE, PATCH).

You can fetch the latest CSRF token's name and value from the Request object with its getAttribute() method. By default, the CSRF token's name is stored in the csrf_name attribute, and the CSRF token's value is stored in the csrf_value attribute.

Via Composer

$ composer require slim/csrf

Requires Slim 3.0.0 or newer.

// Start PHP session
session_start();

$app = new \Slim\App();

// Register middleware
$app->add(new \Slim\Csrf\Guard);

$app->get('/foo', function ($req, $res, $args) {
    // CSRF token name and value
    $name = $req->getAttribute('csrf_name');
    $value = $req->getAttribute('csrf_value');

    // Render HTML form hidden input with this
    // CSRF token name and value.
});

$app->post('/bar', function ($req, $res, $args) {
    // CSRF protection successful if you reached
    // this far.
});

$app->run();

$ phpunit

Please see CONTRIBUTING for details.

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

• Josh Lockhart
• All Contributors

The MIT License (MIT). Please see License File for more information.