  1. <?php
  2. namespace Config;
  3. use CodeIgniter\Config\BaseConfig;
  /**
   * CSRF (Cross Site Request Forgery) protection settings.
   *
   * Every property below is a plain public default; nothing is computed here.
   * The values are consumed elsewhere by the framework, outside this file.
   */
  class Security extends BaseConfig
  {
      /**
       * CSRF protection method: where the reference copy of the token lives.
       *
       * Either 'cookie' or 'session'.
       *
       * NOTE(review): with 'cookie' the token is held client-side; 'session'
       * keeps it in server-side session state and needs a working session.
       * Confirm which one the deployment intends.
       *
       * @var string 'cookie' or 'session'
       */
      public $csrfProtection = 'cookie';

      /**
       * CSRF token randomization: whether the token is randomized for added
       * security.
       *
       * NOTE(review): disabled here. The framework documentation presents
       * randomization as a mitigation for compression side-channel attacks
       * (BREACH class); consider enabling it unless clients rely on a stable
       * token value.
       *
       * @var bool
       */
      public $tokenRandomize = false;

      /**
       * CSRF token name used for Cross Site Request Forgery protection.
       *
       * @var string
       */
      public $tokenName = 'csrf_test_name';

      /**
       * CSRF header name: the request header used for CSRF protection.
       *
       * @var string
       */
      public $headerName = 'X-CSRF-TOKEN';

      /**
       * CSRF cookie name used for Cross Site Request Forgery protection.
       *
       * @var string
       */
      public $cookieName = 'csrf_cookie_name';

      /**
       * CSRF expiry: lifetime of the CSRF protection cookie, in seconds.
       *
       * 7200 seconds is two hours.
       *
       * @var int
       */
      public $expires = 7200;

      /**
       * CSRF regenerate: issue a new token on every submission.
       *
       * NOTE(review): with this enabled, a client that sends several requests
       * from one page presumably has to pick up the fresh token after each
       * submission; verify against the front-end code.
       *
       * @var bool
       */
      public $regenerate = true;

      /**
       * CSRF redirect: on a failed check, send the user back to the previous
       * page with an error.
       *
       * @var bool
       */
      public $redirect = true;

      /**
       * CSRF SameSite: SameSite attribute for the CSRF token cookie.
       *
       * Allowed values are: None - Lax - Strict - ''.
       *
       * `Lax` is the default, following the recommendation in the linked
       * article.
       *
       * @see https://portswigger.net/web-security/csrf/samesite-cookies
       *
       * @var string
       *
       * @deprecated `Config\Cookie` $samesite property is used.
       */
      public $samesite = 'Lax';
  }