diff --git a/LICENSE.md b/LICENSE.md index bc5674f..6a920d6 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,17 +1,17 @@ -Copyright © 2008 by Yii Software (https://www.yiiframework.com/) +Copyright © 2008 by Yii Software () All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright +* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Yii Software nor the names of its +* Neither the name of Yii Software nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/README.md b/README.md index 78587be..8c1380e 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ The package provides [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware for CSRF protection: - It supports two algorithms out of the box: - - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and + - Synchronizer CSRF token with customizable token generation and storage. By default, it uses random data and session. - - HMAC based token with customizable identity generation. Uses session by default. + - HMAC based token with customizable identity generation. Uses session by default. - It has ability to apply masking to CSRF token string to make [BREACH attack](https://breachattack.com/) impossible. ## Requirements @@ -159,39 +159,14 @@ the next request either as a hidden form field or via JavaScript async request. It is recommended to always use this decorator. -## Testing +## Documentation -### Unit testing +- More information can be found in the [Internals.](docs/internals.md) -The package is tested with [PHPUnit](https://phpunit.de/). To run tests: +## Support -```shell -./vendor/bin/phpunit -``` - -### Mutation testing - -The package tests are checked with [Infection](https://infection.github.io/) mutation framework with -[Infection Static Analysis Plugin](https://github.com/Roave/infection-static-analysis-plugin). To run it: - -```shell -./vendor/bin/roave-infection-static-analysis-plugin -``` - -### Static analysis - -The code is statically analyzed with [Psalm](https://psalm.dev/). To run static analysis: - -```shell -./vendor/bin/psalm -``` - -## License - -The Yii CSRF Protection Library is free software. It is released under the terms of the BSD License. Please -see [`LICENSE`](./LICENSE.md) for more information. - -Maintained by [Yii Software](https://www.yiiframework.com/). +If you need help or have a question, the [Yii Forum](https://forum.yiiframework.com/c/yii-3-0/63) is a good place for that. +You may also check out other [Yii Community Resources](https://www.yiiframework.com/community). ## Support the project @@ -204,3 +179,10 @@ Maintained by [Yii Software](https://www.yiiframework.com/). [![Telegram](https://img.shields.io/badge/telegram-join-1DA1F2?style=flat&logo=telegram)](https://t.me/yii3en) [![Facebook](https://img.shields.io/badge/facebook-join-1DA1F2?style=flat&logo=facebook&logoColor=ffffff)](https://www.facebook.com/groups/yiitalk) [![Slack](https://img.shields.io/badge/slack-join-1DA1F2?style=flat&logo=slack)](https://yiiframework.com/go/slack) + +## License + +The Yii Access is free software. It is released under the terms of the BSD License. +Please see [`LICENSE`](./LICENSE.md) for more information. + +Maintained by [Yii Software](https://www.yiiframework.com/). diff --git a/docs/internals.md b/docs/internals.md index b715d9f..8dc4049 100644 --- a/docs/internals.md +++ b/docs/internals.md @@ -34,10 +34,9 @@ use either newest or any specific version of PHP: ./vendor/bin/rector ``` -## Dependencies +## Composer require checker -Use [ComposerRequireChecker](https://github.com/maglnet/ComposerRequireChecker) to detect transitive -[Composer](https://getcomposer.org/) dependencies. +This package uses [composer-require-checker](https://github.com/maglnet/ComposerRequireChecker) to check if all dependencies are correctly defined in `composer.json`. To run the checker, execute the following command: