CSRF-Protector-PHP
CSRF-Protector-PHP copied to clipboard
mebjas
CSRF Protector library: standalone library for CSRF mitigation
I have two requests for enhancements that would suit my needs quite nicely. 1. Could you possibly make the duration of the cookie configurable? My site has a setting that...
`csrfp_wrapper::checkHeader()` returns on first match of a header name but I've noticed an issue with it after modeling a `getHeaderValue()` method on it. The array returned by `xdebug_get_headers()` accumulates values...
Sorry to keep bothering you, but I have discovered another problem, specific to IE 11. Apparently, in IE11, `typeof ActiveXObject` always evaluates to `undefined`, even when `new ActiveXObject()` will correctly...
Dear mebjas, I tried to search this and couldn't find anything regards on this title. Can you kindly let me know how attach a token to an ajax request? Appreciate...
**Describe the bug** Using the Zendesk widget on a page protected by CSRF-Protector-php causes a syntax error: "Uncaught SyntaxError: Invalid or unexpected token". The widget adds an iframe to the...
hi.` I have a form but it returns "403 access forbidden by csrfprotector!" whenever I submitted the form. I read the discussion and tries each of them but it doesn't...
**Describe the bug** When using a server that leverages Cloudflare's Proxy and while attempting an AJAX call (PHP/Javascript), you will receive a 403 Forbidden response from csrfprotector. **To Reproduce** Configure...
I have installed using 'Non-Composer' method. PHP 8.1 MySQL on a Virtual Private Server at our Hosts. We have a strict Content Security Policy enforced. All 'modules' in my application...
Is there any plan to allow for SameSite to be set? Currently the only way is by manually updating the setcookie() call in csrfprotector.php as per https://github.com/mebjas/CSRF-Protector-PHP/issues/145
**Describe the bug** I am submitting a form POST request via jquery on('submit'). What I've noticed is that it's being intercepted, it's removing the CSRF token, executing my ajax call...
