<?php |
|
|
|
namespace Config; |
|
|
|
use CodeIgniter\Config\BaseConfig; |
|
|
|
/**
 * Application-level settings for the framework's Cross Site Request Forgery
 * (CSRF) protection: where the token lives, what it is called, how long it
 * is valid and what happens when a check fails.
 *
 * NOTE(review): these values only describe how the check behaves; whether it
 * runs at all is decided elsewhere (presumably the CSRF filter registered in
 * Config\Filters). Confirm it covers every state-changing route.
 */
class Security extends BaseConfig
{
    /**
     * --------------------------------------------------------------------------
     * CSRF Protection Method
     * --------------------------------------------------------------------------
     *
     * Storage used for the reference token that submissions are compared with.
     *
     * NOTE(review): 'cookie' is the double-submit-cookie pattern. The reference
     * value is held by the browser, so its strength depends on nobody else
     * being able to set cookies for this host (sibling subdomains, plain-HTTP
     * responses). 'session' keeps the reference value server-side and is the
     * stronger option when the application already uses sessions.
     *
     * @var string 'cookie' or 'session'
     */
    public string $csrfProtection = 'cookie';

    /**
     * --------------------------------------------------------------------------
     * CSRF Token Randomization
     * --------------------------------------------------------------------------
     *
     * Whether the token is randomized for added security. Disabled here.
     *
     * NOTE(review): with this off, the same token string is expected to appear
     * in every response for as long as the token is valid. Randomization is the
     * usual mitigation for compression side-channel leaks (BREACH) on
     * compressed HTTPS responses; consider `true` unless a client relies on a
     * stable token string.
     */
    public bool $tokenRandomize = false;

    /**
     * --------------------------------------------------------------------------
     * CSRF Token Name
     * --------------------------------------------------------------------------
     *
     * Name under which the CSRF token is submitted with a request
     * (presumably the hidden form field name; confirm against the views).
     */
    public string $tokenName = 'csrf_test_name';

    /**
     * --------------------------------------------------------------------------
     * CSRF Header Name
     * --------------------------------------------------------------------------
     *
     * Name of the HTTP header that carries the CSRF token, for requests
     * that do not submit it as a field.
     */
    public string $headerName = 'X-CSRF-TOKEN';

    /**
     * --------------------------------------------------------------------------
     * CSRF Cookie Name
     * --------------------------------------------------------------------------
     *
     * Name of the cookie used by the CSRF protection.
     *
     * NOTE(review): the cookie's Secure/HttpOnly flags and any name prefix are
     * not set in this file; presumably they come from Config\Cookie. Verify
     * that Secure is enabled wherever the site is served over HTTPS.
     */
    public string $cookieName = 'csrf_cookie_name';

    /**
     * --------------------------------------------------------------------------
     * CSRF Expires
     * --------------------------------------------------------------------------
     *
     * Lifetime of the CSRF protection cookie, in seconds.
     *
     * 7200 seconds is two hours. A form left open longer than this will be
     * rejected on submit, so the failure path needs to be user-friendly.
     */
    public int $expires = 7200;

    /**
     * --------------------------------------------------------------------------
     * CSRF Regenerate
     * --------------------------------------------------------------------------
     *
     * Issue a fresh CSRF token on every submission.
     *
     * Keeping this on limits how long a leaked token stays useful. The cost is
     * that tokens held by other tabs or by back/forward navigation become
     * stale; handle those rejections rather than disabling regeneration.
     */
    public bool $regenerate = true;

    /**
     * --------------------------------------------------------------------------
     * CSRF Redirect
     * --------------------------------------------------------------------------
     *
     * When true, a failed check redirects to the previous page with an error.
     *
     * NOTE(review): with false the request is not redirected; the framework is
     * expected to raise a security exception instead (confirm for the
     * installed version). In either mode, make sure failed checks are logged:
     * a burst of them is a useful detection signal.
     */
    public bool $redirect = false;

    /**
     * --------------------------------------------------------------------------
     * CSRF SameSite
     * --------------------------------------------------------------------------
     *
     * SameSite attribute for the CSRF token cookie.
     *
     * Allowed values are: None - Lax - Strict - ''.
     *
     * `Lax` is the default, following the recommendation at:
     *
     * @see https://portswigger.net/web-security/csrf/samesite-cookies
     *
     * Because this property is deprecated, the value that takes effect is the
     * one in Config\Cookie; review it there. `None` and '' give no cross-site
     * restriction, and browsers accept `None` only together with Secure.
     *
     * @deprecated `Config\Cookie` $samesite property is used.
     */
    public string $samesite = 'Lax';
}