Middleware
This video doesn't have any notes.
All applications function using
a request/response cycle.
0:00
[SOUND] The user makes a request.
0:04
[SOUND] And
the application returns a response.
0:07
[SOUND] Middleware
allows us to layer code,
0:10
which is able to manipulate
the request and response objects.
0:13
A request [SOUND] comes in to
our outermost middleware first.
0:18
And continues to subsequent
middleware until it reaches the app.
0:22
Each middleware can access and
modify the request object. When the app
0:26
creates a response, it sends the response
back through the middleware,
0:32
starting with the innermost middleware and
all the way back out to the user.
0:37
This time, each middleware can access and
modify the response object.
0:43
The router we've been using
is an example of middleware.
0:49
It manipulates the request and
response cycle.
0:52
Let's take a look at adding
additional middleware
0:56
to prevent cross-site request forgery,
or CSRF.
0:58
This middleware will help prevent
data from coming in to your site
1:04
from outside the application.
1:09
For more details, check the notes
associated with this video.
1:12
Let's search for slim csrf.
1:17
The first result is from the Slim
developers themselves, so let's go there.
1:22
If we scroll down to the install,
we see that first we need
1:28
Composer to require Slim\Csrf.
1:32
So let's go into our terminal.
1:37
We want to be within our project
folder, cd mvc-framework.
1:39
From here, we composer
1:46
require slim/csrf.
1:53
Great, let's go back to our next step.
2:01
Under usage to register for all routes,
2:03
we can see here that we're
adding a container for the Csrf.
2:07
Let's copy this and go into our container.
2:12
Dependencies.php.
2:17
We're going to add a new container for
csrf.
2:23
Next we can see that we are ready to
register the middleware for all routes.
2:31
This time, we'll go into middleware.
2:36
To our app,
we add our container with a csrf.
2:44
CSRF protection applies to
all unsafe HTTP requests,
2:50
post, put, delete, and patch.
2:56
Let's see how it works so far.
2:59
When we visit the site using the get
method, everything works as before.
3:02
When we try to submit our form via post,
we see that our CSRF check failed.
3:07
Great, now let's add the details that
we need to allow this form to work.
3:14
We need the csrf token name and value.
3:19
We're then going to need
to add this to our views.
3:23
So we need to make sure that we
add this to our args variable.
3:27
Back at our routes, we'll need to add
these variables to our args array.
3:34
Args['csrf'] is
3:47
going to equal an array.
3:51
Here we'll use the key value
pairs built using the attributes
3:56
that the csrf middleware
added to our request object.
4:01
We use the nameKey, and then we'll
request the getAttribute of that nameKey.
4:06
Next, we'll use valueKey and
4:16
assign it the getAttribute
of that valueKey.
4:19
And close our array.
4:26
Now we can use that csrf array to add
hidden values to our contact form.
4:28
We'll open contact-form.phtml.
4:36
Before the end of our form, we're
4:42
going to add foreach ($csrf
4:48
as $key => $value).
4:55
Then we'll echo, input
5:03
type=\"hidden\"
5:08
name=\"$key\"
5:14
value=\"$value\".
5:24
I've surrounded this in double quotes so
the value of our variables will be used.
5:31
Let's visit our contact
form in the browser again.
5:37
This time, if we view source,
5:41
we can see our hidden values.
5:46
We have csrf_name and csrf_value.
5:50
The values of these hidden fields refresh
each time this page is refreshed.
5:55
Now when I submit the form, the CSRF
check passes and we proceed as before.
6:02
There are all kinds of middleware
available for you to use and
6:10
you can even write your own.
6:13
Authentication, Error Handling,
Debugging, Optimization,
6:15
Security, Sessions, URL Modifications,
Image manipulation, and more.
6:20
Check the notes for more resources,
and then go ahead and
6:26
take your application for a spin.
6:29