承接 secit-pl/advanced-form-token-bundle 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

secit-pl/advanced-form-token-bundle

Composer 安装命令:

composer require secit-pl/advanced-form-token-bundle

包简介

Advanced implementation of the Symfony form token.

README 文档

README

This bundle provides the advanced form token implementation for Symfony 2.8 and 3.0+.

Features

  • JavaScript version of the core form token
  • JavaScript code obfuscation (requires external libraries)

Installation

From the command line run

$ composer require secit-pl/advanced-form-token-bundle

Update your AppKernel by adding the bundle declaration

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            ...
            new SecIT\AdvancedFormTokenBundle\AdvancedFormTokenBundle(),
        ];

        ...
    }
}

Usage

By default this bundle is disabled for all forms. You can enable it globally or for a single form.

Simgle form usage

To enable the JavaScript token just add the javascript_csrf_protection to the form defaults.

<?php

namespace App\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Form\Extension\Core\Type as FormField;
use Symfony\Component\Validator\Constraints;

class ContactType extends AbstractType
{
    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults([
            'javascript_csrf_protection' => true, // enable the JavaScript form token
            
            ...
        ]);
    }

    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        ...
    }
}

Here is the list of possible options used by JavaScript form token. Most of them works the same like the native Symfony form token options.

javascript_csrf_protection - default: false - is JavaScript form token enabled?

javascript_csrf_field_name - deafult: _jstoken - the token form field name

javascript_csrf_message - The error message displayed if the form token is invalid

javascript_csrf_javascript_obfuscator' - deafult: null - The obfuscator class used to obfuscate generated token JavaScript code

Global configuration

config.yml

advanced_form_token:
    javascript_token:
        enabled: ~ # default false - is JavaScript form token enabled for all forms?
        field_name: ~ # deafult: _jstoken - the token form field name for all forms
        javascript_obfuscator: ~ # deafult: null - The obfuscator class used to obfuscate generated token JavaScript code for all forms

JavaScript obfuscator

By default generated JavaScript code is not obfuscated. To enable it you need to define the obfuscator class which should be used for this operation. This class should implements the SecIT\AdvancedFormTokenBundle\JavaScript\ObfuscatorInterface.

Current version provides one ready to use obfuscator SecIT\AdvancedFormTokenBundle\JavaScript\TholuPhpPackerObfuscator which requires that you have already installed the https://github.com/tholu/php-packer. This package in not installed by default due to the fact that it uses the LGPL-2.1 license thich is not fully compatible with MIT license used by this bundle.

To enable the obfuscator for a single form set the javascript_csrf_javascript_obfuscator option to the SecIT\AdvancedFormTokenBundle\JavaScript\TholuPhpPackerObfuscator value.

In most cases you'd like to have obfuscator enabled for all JavaScript token forms so the best way will be to set it up globally in your config.yml:

advanced_form_token:
    javascript_token:
        javascript_obfuscator: SecIT\AdvancedFormTokenBundle\JavaScript\TholuPhpPackerObfuscator

From now TholuPhpPackerObfuscator will randomly obfuscate the JavaScript code generated for each form token.

统计信息

  • 总下载量: 17
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 13
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2017-11-06

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固