CSRF (Cross-Site Request Forgery)

The documentation on 'slim/csrf' is recommended reading.

To enhance security, all routes have CSRF protection by default. The middleware that is added to all routes can be found in the file 'App.php':

 * Middleware that adds the CSRF check to all routes
 * If you are implementing per-route checks you must disable this

If you don't want this, you can comment this line out or remove it.

Twig support

In the folder 'core\Twig' you can find the file named 'TwigCsrf.php', which contains a Twig extension
that applies the CSRF keys/names to the views.

This extension is registered in the file named 'container/singleton/View.php':

$view->addExtension( new TwigCsrf(

How to validate the CSRF token

if ($request->getAttribute('csrf_status') === false) {
    // display suitable error here
} else {
    // successfully passed CSRF check
}
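
The check above in a complete route, as an added example (not this project's own code) that assumes Slim 3 with slim/csrf 0.8 installed via Composer. The 'csrf_status' attribute only exists when a failure callable sets it, as in the slim/csrf README; the '/profile' route and its responses are hypothetical.

```php
<?php
// Added example: assumes Slim 3 and slim/csrf 0.8 (Composer autoloader).
require __DIR__ . '/vendor/autoload.php';

session_start(); // the guard keeps its tokens in $_SESSION by default

$app = new \Slim\App();
$container = $app->getContainer();

$container['csrf'] = function () {
    $guard = new \Slim\Csrf\Guard();
    // Without a failure callable the guard answers a failed request itself
    // with a 400 response and the route never runs. Registering one passes
    // the request on, flagged, so the route decides how to respond.
    $guard->setFailureCallable(function ($request, $response, $next) {
        return $next($request->withAttribute('csrf_status', false), $response);
    });
    return $guard;
};

$app->add($container->get('csrf')); // CSRF check on every route

// Hypothetical state-changing route; the path is illustrative only.
$app->post('/profile', function ($request, $response) {
    if ($request->getAttribute('csrf_status') === false) {
        // Return before any state change; never fall through to the update.
        return $response->withStatus(403)->write('Invalid or missing CSRF token.');
    }
    // ... perform the state-changing action here ...
    return $response->write('Profile updated.');
});

$app->run();
```

Because the failure callable lets failed requests reach the route, every state-changing handler has to perform this check and return early itself.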
Last update: Fri, 18 Jan 2019 18:00:14