Setting up CSRF Protector PHP in your web application
Assume you have a web application, Party Mate (URL: http://partymate.com), which lets users add parties and add users to parties so that they are notified about party information. You download the library to the root directory of the application and extract it, so your application now has a new folder, csrfp. The directory structure of this folder looks like:
|_csrfp
    |_js
        |_csrfprotector.js
    |_libs
        |_csrf
            |_csrfpJsFileBase.php
            |_csrfprotector.php
        |_config.sample.php
    |_log
The config file ships by default as csrfp\libs\config.sample.php, which means you need to rename it to config.php and make the following changes.
Note: in the config file, you need to modify 'jsUrl' before you can use the CSRF Protector PHP library. It's very easy!
jsUrl is the absolute URL of the JavaScript file that will be sent to the client with each HTML output. So in the above case, the jsUrl parameter in the config.php file needs to be set to http://partymate.com/csrfp/js/csrfprotector.js
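The rename and jsUrl steps above can be checked before deployment. The script below is an added example, not code from the CSRF Protector PHP project; its function names are hypothetical, and it assumes config.php assigns the value on a line of the form "jsUrl" => "...", which this page does not show.

```shell
#!/bin/sh
# Added example (not part of CSRF Protector PHP). Function names are hypothetical.
# Assumption: config.php holds a line of the form   "jsUrl" => "<value>",

# Copy the sample config into place; never overwrite an existing config.php.
install_config() {
    libs_dir=$1
    if [ ! -f "$libs_dir/config.php" ]; then
        cp "$libs_dir/config.sample.php" "$libs_dir/config.php"
    fi
}

# Print the value assigned to jsUrl in the given config file (empty if unset).
read_js_url() {
    sed -n "s/^[[:space:]]*[\"']jsUrl[\"'][[:space:]]*=>[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" |
        head -n 1
}

# Succeed only if jsUrl is an absolute http(s) URL ending in /csrfprotector.js.
check_js_url() {
    url=$(read_js_url "$1")
    case $url in
        http://*/csrfprotector.js | https://*/csrfprotector.js) return 0 ;;
        "") echo "jsUrl is empty in $1" >&2 ;;
        *) echo "jsUrl is not an absolute URL to csrfprotector.js: $url" >&2 ;;
    esac
    return 1
}

# verify_setup CSRFP_DIR: run from the application root after extracting the library.
verify_setup() {
    csrfp_dir=$1
    install_config "$csrfp_dir/libs" || return 1
    if [ ! -f "$csrfp_dir/js/csrfprotector.js" ]; then
        echo "missing $csrfp_dir/js/csrfprotector.js" >&2
        return 1
    fi
    check_js_url "$csrfp_dir/libs/config.php"
}
```

Calling `verify_setup ./csrfp` creates config.php from the sample on first run and returns non-zero until jsUrl has been edited to an absolute URL.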
You must read Configurations to understand the different parameters in the config file and make changes according to your needs.
We recommend that you include this library in every file of your application to secure your server against CSRF attacks. See How to use to learn more about implementing CSRFP in your web app!
PS: This wiki is still under development. Please create a GitHub issue for any corrections.