Neuron-PHP

CsrfFilter extends Filter
in package

Framework-level CSRF protection filter.

Validates CSRF tokens on state-changing requests (POST, PUT, DELETE, PATCH) to prevent Cross-Site Request Forgery. Register as the 'csrf' route filter and apply via filters: ['csrf'] on unsafe-method routes.

Table of Contents

Properties

$_csrfToken  : CsrfToken
$_exemptMethods  : array<int, string>

Methods

__construct()  : mixed
post()  : mixed|null
pre()  : mixed|null
validateCsrfToken()  : void
Validate the request's CSRF token.
getTokenFromRequest()  : string|null
Extract the CSRF token from the POST body or X-CSRF-Token header.

Properties

$_exemptMethods

private array<int, string> $_exemptMethods = ['GET', 'HEAD', 'OPTIONS']

Methods

getTokenFromRequest()

Extract the CSRF token from the POST body or X-CSRF-Token header.

private getTokenFromRequest() : string|null
Return values
string|null
On this page

Search results