From b05860f8da65027c983b73dabbfb0d9cd59d3ae1 Mon Sep 17 00:00:00 2001
From: rodude123
Date: Sun, 23 Jan 2022 20:59:06 +0000
Subject: [PATCH 1/3] Added in same site cookie middleware to account for csrf token
---
 composer.json | 3 ++-
 composer.lock | 57 ++++++++++++++++++++++++++++++++++++++++++++--
 dist/api/index.php | 8 +++++--
 src/api/index.php | 4 ++++
 4 files changed, 67 insertions(+), 5 deletions(-)
diff --git a/composer.json b/composer.json
index 3401183..a95741b 100644
--- a/composer.json
+++ b/composer.json
@@ -8,6 +8,7 @@
 "guzzlehttp/psr7": "^2.0",
 "http-interop/http-factory-guzzle": "^1.2",
 "laminas/laminas-diactoros": "^2.6",
- "laminas/laminas-httphandlerrunner": "^2.0"
+ "laminas/laminas-httphandlerrunner": "^2.0",
+ "selective/samesite-cookie": "^0.3.0"
 }
 }
diff --git a/composer.lock b/composer.lock
index f7ea748..52c9b6a 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "4a465680bb855c70632877658a85d7b5", + "content-hash": "5aafeb561d1b79ead81458f3e265c0c1", "packages": [ { "name": "fig/http-message-util", 
@@ -1376,6 +1376,59 @@ }, "time": "2019-03-08T08:55:37+00:00" }, + { + "name": "selective/samesite-cookie", + "version": "0.3.0", + "source": { + "type": "git", + "url": "https://github.com/selective-php/samesite-cookie.git", + "reference": "805d82de34cb642189932feb17158da98078f9a6" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/selective-php/samesite-cookie/zipball/805d82de34cb642189932feb17158da98078f9a6", + "reference": "805d82de34cb642189932feb17158da98078f9a6", + "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0", + "psr/http-message": "^1", + "psr/http-server-handler": "^1", + "psr/http-server-middleware": "^1" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "^2", + "middlewares/utils": "^3", + "overtrue/phplint": "^2", + "phpstan/phpstan": "0.*", + "phpunit/phpunit": "^8 || ^9", + "slim/psr7": "^1", + "squizlabs/php_codesniffer": "^3" + }, + "type": "library", + "autoload": { + "psr-4": { + "Selective\\SameSiteCookie\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "Secure your site with SameSite cookies", + "homepage": "https://github.com/selective-php/samesite-cookie", + "keywords": [ + "cookie", + "csrf", + "samesite", + "samesite-cookie" + ], + "support": { + "issues": "https://github.com/selective-php/samesite-cookie/issues", + "source": "https://github.com/selective-php/samesite-cookie/tree/0.3.0" + }, + "time": "2021-01-11T07:49:32+00:00" + }, { "name": "slim/psr7", "version": "1.4", @@ -1729,5 +1782,5 @@ "ext-pdo": "*" }, "platform-dev": [], - "plugin-api-version": "2.1.0" + "plugin-api-version": "2.2.0" } diff --git a/dist/api/index.php b/dist/api/index.php index 8f7548d..d4e59e2 100644 --- a/dist/api/index.php +++ b/dist/api/index.php 
@@ -12,12 +12,16 @@ use api\timelineData; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; use Slim\Factory\AppFactory; +use Selective\SameSiteCookie\SameSiteCookieMiddleware; // Start slim $app = AppFactory::create(); // create middleware $app->addRoutingMiddleware(); +// add in same site cookie stuff +$app->add(new SameSiteCookieMiddleware()); + // for error checking $errorMiddleware = $app->addErrorMiddleware(true, true, true); @@ -102,7 +106,7 @@ $app->post('/contact', function (Request $request, Response $response) $headers1 .= "Content-Type: text/html; charset=UTF-8\r\n"; $message1 = " - + {$data['subject']}
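Review bot: In the first hunk of dist/api/index.php, `$app->add(new SameSiteCookieMiddleware());` is registered with default settings and nothing in the hunk starts a PHP session, so the visible lines do not show which cookie, if any, ends up carrying the SameSite attribute. If the session is not started elsewhere in the file, the package's `SameSiteSessionMiddleware` likely needs to be registered alongside it. SameSite is also a browser-enforced, defence-in-depth control rather than a CSRF token, so state-changing routes such as the `/contact` POST named in the next hunk header should still validate a token or the `Origin` header. I would replace `// add in same site cookie stuff` with `// SameSite on the session cookie: CSRF defence in depth, not a replacement for token checks` and pass an explicit `SameSiteCookieConfiguration`, so the intended SameSite, Secure and HttpOnly values are visible in code. The diffstat lists the same kind of edit in src/api/index.php, which is outside this view.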