OWASP CSRF Protector V1.0.2

• Moved default logger from file based implementation to php's default error_log based approach.

OWASP CSRF Protector 1.0.1

https://blog.minhazav.xyz/2018/03/17/support-for-custom-logging-in-csrf-protector-library-and-more/

OWASP CSRF Protector php library

Changes:

• Support for AJAX request with application/json content type (JSON Payload). Token now transferred through request header in case of POST request (AJAX). Added support in server to handle such tokens.
• The parameters path, domain & secure of setcookie method made configurable via config file. Developers can set them according to needs. In case of no special requirement they can use the default settings.

OWASP CSRF Protector php library

Minor bug fixes, a few enhancements and more support for IE.

Changes:

• Ability to override logging functionality by inheriting the library
• Option to add secure flag by config value change
• Support for multiple tabs
• [bug fix] form submission through onchange event or js based submission doesn't fail
• [bug fix] Echoed form support CSRF Validation

OWASP CSRF Protector php library

Features

- Easy to integrate with any web application - CSRF Validation for every POST request & selected GET requests - **per request token** used - JS supports -- HTML Forms (static as well as dynamically generated) -- Ajax (both XHR & ActiveXObjects) -- Static links

Which version to use?