Skip to content

Commit

Permalink
update readme
Browse files Browse the repository at this point in the history
  • Loading branch information
@olegbaturin
olegbaturin committed Oct 28, 2024
1 parent 927ebbe commit dfe9452
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -248,7 +248,7 @@ use Yiisoft\Http\Method;
$csrfHeaderMiddleware = $container->get(CsrfHeaderMiddleware::class);

// Returns a new instance with the specified list of unsafe methods.
$csrfHeaderMiddleware = $csrfHeaderMiddleware->withUnsafeMethods([Method::POST, Method::DELETE]);
$csrfHeaderMiddleware = $csrfHeaderMiddleware->withUnsafeMethods([Method::POST]);

// Returns a new instance with the specified header name.
$csrfHeaderMiddleware = $csrfHeaderMiddleware->withHeaderName('X-CSRF-PROTECTION');
Expand Down Expand Up @@ -290,7 +290,7 @@ In this scenario

#### Configure middlewares stack

Add `CsrfHeaderMiddleware` to the main middleware stack
Add `CsrfHeaderMiddleware` to the main middleware stack:

```php
$middlewareDispatcher = $injector->make(MiddlewareDispatcher::class);
Expand All @@ -301,7 +301,7 @@ $middlewareDispatcher = $middlewareDispatcher->withMiddlewares([
]);
```

or to the routes that must be protected.
or to the routes that must be protected:

```php
$collector = $container->get(RouteCollectorInterface::class);
Expand Down Expand Up @@ -344,7 +344,7 @@ Access-Control-Allow-Origin: https://example.com

#### Configure middlewares stack

Add `CsrfHeaderMiddleware` to the main middleware stack
Add `CsrfHeaderMiddleware` to the main middleware stack:

```php
$middlewareDispatcher = $injector->make(MiddlewareDispatcher::class);
Expand All @@ -355,7 +355,7 @@ $middlewareDispatcher = $middlewareDispatcher->withMiddlewares([
]);
```

or to the routes that must be protected.
or to the routes that must be protected:

```php
$collector = $container->get(RouteCollectorInterface::class);
Expand Down Expand Up @@ -402,14 +402,14 @@ Access-Control-Allow-Origin: $frontendOrigin
By default, `CsrfMiddleware` considers `GET`, `HEAD`, `OPTIONS` methods as safe operations and doesn't perform CSRF validation.
In JavaScript-based apps, requests are made programmatically; therefore, to increase application protection, the only `OPTIONS` method can be considered safe and need not be appended with a CSRF token header.

Configure `CsrfMiddleware` safe methods.
Configure `CsrfMiddleware` safe methods:

```php
$csrfMiddleware = $container->get(CsrfMiddleware::class);
$csrfMiddleware = $csrfMiddleware->withSafeMethods([Method::OPTIONS]);
```

Add `CsrfMiddleware` to the main middleware stack
Add `CsrfMiddleware` to the main middleware stack:

```php
$middlewareDispatcher = $injector->make(MiddlewareDispatcher::class);
Expand All @@ -421,7 +421,7 @@ $middlewareDispatcher = $middlewareDispatcher->withMiddlewares([
]);
```

or to the routes that must be protected.
or to the routes that must be protected:

```php
$collector = $container->get(RouteCollectorInterface::class);
Expand Down

0 comments on commit dfe9452

Please sign in to comment.