CSRF (Cross-Site Request Forgery)

We recommend reading the documentation on 'slim/csrf'.

To enhance security, all routes have CSRF protection enabled by default. The middleware that is added to all routes can be found in the file 'App.php':

/**
 * Middleware that adds CSRF protection to all routes.
 * If you are implementing per-route checks you must disable this.
 */
$app->add($container->get('csrf'));

If you don't want this, comment this line out or remove it. Routes are then unprotected unless you add the middleware to them individually.

Twig support

In the folder 'core\Twig' you can find the file 'TwigCsrf.php', which contains a Twig extension
that makes the CSRF keys/names available to the views.

This extension is registered in the file 'container/singleton/View.php':

$view->addExtension( new TwigCsrf(
   $container->csrf
));

How to validate the CSRF token

if ($request->getAttribute('csrf_status') === false) {
    // display suitable error here
} else {
    // successfully passed CSRF check
}
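The check above only has something to test when the guard's failure callable sets the 'csrf_status' attribute; with slim/csrf 0.x the default handler answers a failed check itself with HTTP 400 and the route never runs. The following is an added example, not code from this project: it assumes Slim 3 with slim/csrf 0.x installed via Composer, and the container definition and the '/profile' route are hypothetical.

```php
<?php
// Added example (assumption: Slim 3 + slim/csrf 0.x, loaded through Composer).
require __DIR__ . '/vendor/autoload.php';

// slim/csrf keeps its tokens in $_SESSION unless other storage is passed in,
// so the session has to exist before the guard is built.
session_start();

$app = new \Slim\App();
$container = $app->getContainer();

// Hypothetical 'csrf' service definition; the project's own may differ.
$container['csrf'] = function () {
    $guard = new \Slim\Csrf\Guard();

    // Instead of letting the guard send its own 400 response, mark the
    // request as failed and pass it on so the route can decide what to show.
    $guard->setFailureCallable(function ($request, $response, $next) {
        $request = $request->withAttribute('csrf_status', false);
        return $next($request, $response);
    });

    return $guard;
};

// Same global registration as in 'App.php'.
$app->add($container->get('csrf'));

// Hypothetical state-changing route.
$app->post('/profile', function ($request, $response) {
    if ($request->getAttribute('csrf_status') === false) {
        // Reject before any state is changed.
        return $response->withStatus(400)->write('Invalid or missing CSRF token');
    }

    // Only reached when the token pair in the request matched the stored one.
    return $response->write('Profile updated');
});

$app->run();
```

Because the failure callable lets the request continue, every state-changing route must perform this check itself; a route that omits it processes the request even when the token was missing or wrong.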
Last update: January 18th at 6:00pm