Archived! Now that all modern browsers implement SameSite cookies and the Origin HTTP header, this bundle is - in most cases - not necessary anymore. Learn how to protect your Symfony APIs from CSRF attacks. If you need to maintain old applications, take a look to DneustadtCsrfCookieBundle. This API Platform and Symfony bundle provides automatic Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications. Despite the name, it works with any client-side technology including Angular, React, Vue.js, and jQuery. Actually, any JavaScript code issuing XMLHttpRequest or using the Fetch API can leverage this bundle.
Features
- To prevent CSRF attacks, the bundle will check that the header's value match the cookie's value
- Use Composer to install this bundle
- Configure URLs where the cookie must be set and that must be protected against CSRF attacks
- Examples available
- Integration with the Symfony Form Component
- Full Configuration
Project Samples
Categories
SecurityLicense
MIT LicenseFollow JavaScript CSRF Protection Bundle
You Might Also Like
Gen AI apps are built with MongoDB Atlas
MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of JavaScript CSRF Protection Bundle!