Laravel Meta CSRF - PHP

Laravel Meta CSRF is a package for Laravel that automatically adds CSRF tokens to all outgoing HTML meta tags. It helps to protect your application from Cross-Site Request Forgery attacks.

Installation

You can install this package using composer:

composer require thomsontcm/laravel-meta-csrf

Usage

Once the package is installed, you don't need to do anything else. It will automatically add CSRF tokens to all outgoing HTML meta tags.

You can confirm this by inspecting the HTML source code of your application. You should see the following meta tag added to your page:

<meta name="csrf-token" content="yRkj5YF0L8E0wGb6vEZiQervh0cU3D1zF9XJg2tn">

Configuration

By default, this package uses the csrf_token() function to generate CSRF tokens. However, you can customize this behavior by publishing the package's configuration file:

php artisan vendor:publish --provider="ThomSontcm\LaravelMetaCsrf\ServiceProvider" --tag=config

The configuration file is located at config/meta-csrf.php. You can modify the following options:

• generator: The class responsible for generating CSRF tokens. It must implement the ThomSontcm\LaravelMetaCsrf\Contracts\TokenGenerator interface. By default, it uses the SessionTokenGenerator class, which generates tokens using Laravel's default csrf_token() function.
• tag_name: The name of the HTML meta tag used to store the CSRF token. By default, it is set to csrf-token.
• tag_content: The content of the HTML meta tag used to store the CSRF token. By default, it uses the generated CSRF token.

Conclusion

Laravel Meta CSRF is a simple and effective package for protecting your Laravel application from CSRF attacks. It is easy to install and configure, and provides an additional layer of security to your application.