Archived! Now that all modern browsers implement SameSite cookies and the Origin HTTP header, this bundle is - in most cases - not necessary anymore. Learn how to protect your Symfony APIs from CSRF attacks. If you need to maintain old applications, take a look to DneustadtCsrfCookieBundle. This API Platform and Symfony bundle provides automatic Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications. Despite the name, it works with any client-side technology including Angular, React, Vue.js, and jQuery. Actually, any JavaScript code issuing XMLHttpRequest or using the Fetch API can leverage this bundle.
Features
- To prevent CSRF attacks, the bundle will check that the header's value match the cookie's value
- Use Composer to install this bundle
- Configure URLs where the cookie must be set and that must be protected against CSRF attacks
- Examples available
- Integration with the Symfony Form Component
- Full Configuration
Categories
SecurityLicense
MIT LicenseFollow JavaScript CSRF Protection Bundle
Other Useful Business Software
Ship Agents Faster
Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of JavaScript CSRF Protection Bundle!