FuelPHP â—‡ CSRF対ç–ã‚’è¡Œã†
1.config.phpã®è¨å®š
csrf_autoload : trueã«ã™ã‚‹ã¨è‡ªå‹•ã§ãƒã‚§ãƒƒã‚¯ã‚’è¡Œã†ã€‚ã»ã¨ã‚“ã©ã®å ´åˆã€æ‰‹å‹•ã§ãƒã‚§ãƒƒã‚¯ã‚’è¡Œã†ã®ã§falseã«ã—ã¦ãŠãcsrf_token_key: hiddenã«ã‚»ãƒƒãƒˆã•ã‚Œã‚‹csrfãƒã‚§ãƒƒã‚¯å€¤ã®ã‚ーcsrf_expiration: csrfクッã‚ーã®æœ‰åŠ¹æœŸé™ã€‚0より大ããªå€¤ã¯æœ‰åŠ¹ãªç§’æ•°
Â
2.htmlã¸csrfã‚ーã®ã‚»ãƒƒãƒˆï¼ˆãƒã‚§ãƒƒã‚¯ã‚’è¡Œã†å‰ç”»é¢ï¼‰
echo \Form::hidden(\Config::get('security.csrf_token_key'), \Security::fetch_token());
Â
3.ãƒã‚§ãƒƒã‚¯
   if ( ! Security::check_token())
   {
       // CSRF 攻撃ã¾ãŸã¯ CSRF トークンã®æœŸé™åˆ‡ã‚Œ
   }
Â
