107 lines
3.0 KiB
PHP
107 lines
3.0 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
namespace Config;
|
||
|
|
|
||
|
|
use CodeIgniter\Config\BaseConfig;
|
||
|
|
|
||
|
|
class Security extends BaseConfig
|
||
|
|
{
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Protection Method
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Protection Method for Cross Site Request Forgery protection.
|
||
|
|
*
|
||
|
|
* @var string 'cookie' or 'session'
|
||
|
|
*/
|
||
|
|
public $csrfProtection = 'cookie';
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Token Name
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Token name for Cross Site Request Forgery protection.
|
||
|
|
*
|
||
|
|
* @var string
|
||
|
|
*/
|
||
|
|
public $tokenName = 'csrf_test_name';
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Header Name
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Header name for Cross Site Request Forgery protection.
|
||
|
|
*
|
||
|
|
* @var string
|
||
|
|
*/
|
||
|
|
public $headerName = 'X-CSRF-TOKEN';
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Cookie Name
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Cookie name for Cross Site Request Forgery protection.
|
||
|
|
*
|
||
|
|
* @var string
|
||
|
|
*/
|
||
|
|
public $cookieName = 'csrf_cookie_name';
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Expires
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Expiration time for Cross Site Request Forgery protection cookie.
|
||
|
|
*
|
||
|
|
* Defaults to two hours (in seconds).
|
||
|
|
*
|
||
|
|
* @var int
|
||
|
|
*/
|
||
|
|
public $expires = 7200;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Regenerate
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Regenerate CSRF Token on every submission.
|
||
|
|
*
|
||
|
|
* @var bool
|
||
|
|
*/
|
||
|
|
public $regenerate = true;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF Redirect
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Redirect to previous page with error on failure.
|
||
|
|
*
|
||
|
|
* @var bool
|
||
|
|
*/
|
||
|
|
public $redirect = true;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
* CSRF SameSite
|
||
|
|
* --------------------------------------------------------------------------
|
||
|
|
*
|
||
|
|
* Setting for CSRF SameSite cookie token.
|
||
|
|
*
|
||
|
|
* Allowed values are: None - Lax - Strict - ''.
|
||
|
|
*
|
||
|
|
* Defaults to `Lax` as recommended in this link:
|
||
|
|
*
|
||
|
|
* @see https://portswigger.net/web-security/csrf/samesite-cookies
|
||
|
|
*
|
||
|
|
* @var string
|
||
|
|
*
|
||
|
|
* @deprecated
|
||
|
|
*/
|
||
|
|
public $samesite = 'Lax';
|
||
|
|
}
|