Tereta/Security Module
Overview
Security module. Provides CSRF attack protection and applies secure HTTP headers.
CSRF Protection
A token is generated automatically and stored in the session. A hidden _csrf field is added to forms:
```php
use Tereta\Security\Services\Csrf;

// Get the token and the field name for a form
$token = Csrf::singleton()->getToken();
$field = Csrf::singleton()->getFieldName(); // '_csrf'

// Validate on form submission.
// $submittedToken is the value of the hidden _csrf field received with the form.
Csrf::singleton()->assertValid($submittedToken); // throws an exception on mismatch
```
HTTP Headers
Applied automatically during web request processing:
| Header | Purpose |
|---|---|
| X-Content-Type-Options | Prevents MIME type sniffing |
| X-Frame-Options | Clickjacking protection |
| Referrer-Policy | Controls referrer information sharing |
| Permissions-Policy | Blocks access to camera, microphone, geolocation |
| Content-Security-Policy | Controls resource loading (CSP with nonce for inline scripts) |
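
To check from the outside that a response carries the headers in the table and that every inline script has a nonce the CSP allows, a small audit like the following can be run against a captured response. This is an added example, not code from the module; the function names, sample header values and sample body are constructed for illustration.

```python
import re

# The five headers from the table above.
REQUIRED = ("X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy",
            "Permissions-Policy", "Content-Security-Policy")
SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
SRC_ATTR = re.compile(r"(?<![\w-])src\s*=", re.IGNORECASE)
NONCE_ATTR = re.compile(r"""(?<![\w-])nonce\s*=\s*["']([^"']*)["']""", re.IGNORECASE)

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit_response(headers, body):
    """Return a list of findings for one response; an empty list means it passed."""
    present = {name.lower(): value for name, value in headers}  # names are case-insensitive
    findings = [f"missing header: {h}" for h in REQUIRED if h.lower() not in present]
    csp = parse_csp(present.get("content-security-policy", ""))
    sources = csp.get("script-src", csp.get("default-src", []))  # script-src falls back
    allowed = {s[7:-1] for s in sources if s.startswith("'nonce-") and s.endswith("'")}
    if "'unsafe-inline'" in sources and not allowed:
        findings.append("script-src allows 'unsafe-inline' without a nonce")
    for attrs in SCRIPT_TAG.findall(body):
        if SRC_ATTR.search(attrs):
            continue  # external script: not inline, so out of scope for this check
        match = NONCE_ATTR.search(attrs)
        if match is None:
            findings.append("inline <script> without a nonce attribute")
        elif match.group(1) not in allowed:
            findings.append("inline <script> nonce is not listed in the CSP")
    return findings

# Constructed sample response; the header values are illustrative, not the module's.
SAMPLE_HEADERS = [
    ("x-content-type-options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Permissions-Policy", "camera=(), microphone=(), geolocation=()"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'nonce-c2FtcGxlLW5vbmNl'"),
]
SAMPLE_BODY = ('<script nonce="c2FtcGxlLW5vbmNl">init()</script>'
               '<script src="/app.js"></script><script>track()</script>')

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

The sample body deliberately includes one inline script without a nonce, so the audit reports a single finding for it.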
Author and License
Author: Tereta Alexander
Website: tereta.dev
License: Apache License 2.0. See LICENSE.
Copyright (c) 2024-2026 Tereta Alexander