hkvstore/samesite-cookie
Secure your site with SameSite cookies
Maintainers
Requires
- php: ^8.0
- psr/http-message: ^1
- psr/http-server-handler: ^1
- psr/http-server-middleware: ^1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3
- middlewares/utils: ^3
- overtrue/phplint: ^2
- phpstan/phpstan: ^1
- phpunit/phpunit: ^8 || ^9
- slim/psr7: ^1
- squizlabs/php_codesniffer: ^3
Suggests
None
Provides
None
Conflicts
None
Replaces
None
MIT 7766e189676b667c56b966f51927468783f403df
README
A PSR-15 middleware to secure your site with SameSite cookies πͺ
π Latest Version on Packagist
π Software License
π Build Status
π Coverage Status
π Quality Score
π Total Downloads
Requirements
- PHP 8.0+
Installation
composer require selective/samesite-cookie
SameSite cookies
Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
Warning: SameSite cookies doesn't work at all for old Browsers and also not for some Mobil Browsers e.g. IE 10, Blackberry, Opera Mini, IE Mobile, UC Browser for Android.
Further details can be found here:
- SameSite cookies explained
- CSRF is (really) dead
- PHP setcookie βSameSite=Strictβ?
- How to Set a cookie attribute Samesite value in PHP ?
- Can I use SameSite?
Slim 4 integration
<?php use Selective\SameSiteCookie\SameSiteCookieMiddleware; use Slim\Factory\AppFactory; $app = AppFactory::create(); // ... // Register the samesite cookie middleware $app->add(new SameSiteCookieMiddleware()); // ... $app->run();
Example with configuration and the session starter middleware.
Slim 4 uses a LIFO (last in, first out) middleware stack, so we have to add the middleware in reverse order:
<?php use Selective\SameSiteCookie\SameSiteCookieConfiguration; use Selective\SameSiteCookie\SameSiteCookieMiddleware; use Selective\SameSiteCookie\SameSiteSessionMiddleware; use Slim\Factory\AppFactory; $app = AppFactory::create(); // ... // Optional: Add custom configuration $configuration = new SameSiteCookieConfiguration(); // Register the samesite cookie middleware $app->add(new SameSiteCookieMiddleware($configuration)); // Optional: Start the PHP session // Use this middleware only if you have no other session starter middleware $app->add(new SameSiteSessionMiddleware()); // ... $app->run();
License
The MIT License (MIT). Please see License File for more information.