From 81940fb6426058cf8ef20bb50a1a4b944ea461e3 Mon Sep 17 00:00:00 2001
From: Oleg Baturin
Date: Fri, 8 Nov 2024 19:12:31 +0700
Subject: [PATCH] update readme
---
 README.md | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 5c2d8df..1a92d7e 100644
--- a/README.md
+++ b/README.md
@@ -36,10 +36,11 @@ composer require yiisoft/csrf
 ## General usage
 In order to enable CSRF protection you need to add `CsrfTokenMiddleware` to your main middleware stack.
-In Yii it is done by configuring `config/web/application.php`:
+In Yii it is done by configuring `MiddlewareDispatcher`:
+>[yiisoft/di](https://github.com/yiisoft/di) configuration example
 ```php
-// [yiisoft/di](https://github.com/yiisoft/di) configuration file example
+// config/web/di/application.php
 return [
 Yiisoft\Yii\Http\Application::class => [
 '__construct()' => [
@@ -120,8 +121,9 @@ $csrfTokenMiddleware = $csrfTokenMiddleware->withHeaderName('X-CSRF-PROTECTION')
 or define the `CsrfTokenMiddleware` configuration in the DI container:
+>[yiisoft/di](https://github.com/yiisoft/di) configuration example
 ```php
-// [yiisoft/di](https://github.com/yiisoft/di) configuration file example
+// config/web/di/csrf-token.php
 use Yiisoft\Csrf\CsrfTokenMiddleware;
 use Yiisoft\Http\Method;
@@ -206,8 +208,9 @@ When handling the request, the API checks for the existence of this header. If t
 In order to enable CSRF protection you need to add `CsrfHeaderMiddleware` to your `MiddlewareDispatcher` configuration:
+>[yiisoft/di](https://github.com/yiisoft/di) configuration example
 ```php
-// [yiisoft/di](https://github.com/yiisoft/di) configuration file example
+// config/web/di/application.php
 return [
 Yiisoft\Yii\Http\Application::class => [
 '__construct()' => [
@@ -228,8 +231,9 @@ return [
 or to the routes that must be protected:
+>[yiisoft/di](https://github.com/yiisoft/di) configuration example
 ```php
-// [yiisoft/di](https://github.com/yiisoft/di) configuration file example
+// config/web/di/router.php
 return [
 RouteCollectionInterface::class => static function (RouteCollectorInterface $collector) use ($config) {
 $collector
@@ -258,8 +262,9 @@ $csrfHeaderMiddleware = $csrfHeaderMiddleware->withHeaderName('X-CSRF-PROTECTION
 or define the `CsrfHeaderMiddleware` configuration in the DI container:
+>[yiisoft/di](https://github.com/yiisoft/di) configuration example
 ```php
-// [yiisoft/di](https://github.com/yiisoft/di) configuration file example
+// config/web/di/csrf-header.php
 use Yiisoft\Csrf\CsrfHeaderMiddleware;
 use Yiisoft\Http\Method;
@@ -410,10 +415,28 @@ In JavaScript-based apps, requests are made programmatically; therefore, to incr
 Configure `CsrfTokenMiddleware` safe methods:
 ```php
+use Yiisoft\Csrf\CsrfTokenMiddleware;
+use Yiisoft\Http\Method;
+
 $csrfTokenMiddleware = $container->get(CsrfTokenMiddleware::class);
 $csrfTokenMiddleware = $csrfTokenMiddleware->withSafeMethods([Method::OPTIONS]);
 ```
+or in the DI container:
+
+>[yiisoft/di](https://github.com/yiisoft/di) configuration example
+```php
+// config/web/di/csrf-token.php
+use Yiisoft\Csrf\CsrfTokenMiddleware;
+use Yiisoft\Http\Method;
+
+return [
+ CsrfTokenMiddleware::class => [
+ 'withSafeMethods()' => [[Method::OPTIONS]],
+ ],
+];
+```
+
 Add `CsrfTokenMiddleware` to the main middleware stack:
 ```php