This course will be retired on June 1, 2025.
Middleware
All applications function using
a request/response cycle.
0:00
[SOUND] The user makes a request.
0:04
[SOUND] And
the application returns a response.
0:07
[SOUND] Middleware
allows us to layer code,
0:10
which is able to manipulate
the request and response objects.
0:13
A request [SOUND] comes in to
our outermost middleware first.
0:18
And continues to subsequent
middleware until it reaches the app.
0:22
Each middleware can access and
modify the request object. When the app
0:26
creates a response, it sends the response
back through the middleware.
0:32
Starting with the innermost middleware and
all the way back out to the user.
0:37
This time, each middleware can access and
modify the response object.
0:43
The router we've been using
is an example of middleware.
0:49
It manipulates the request and
response cycle.
0:52
Let's take a look at adding
additional middleware
0:56
to prevent cross-site request forgery,
or CSRF.
0:58
This middleware will help prevent
data from coming in to your site
1:04
from outside the application.
1:09
For more details, check the notes
associated with this video.
1:12
Let's search for slim csrf.
1:17
The first result is from the Slim
developers themselves, so let's go there.
1:22
If we scroll down to the install,
we see that first we need
1:28
Composer to require Slim\Csrf.
1:32
So let's go into our terminal.
1:37
We want to be within our project
folder, cd mvc-framework.
1:39
From here, we composer
1:46
require slim/csrf.
1:53
Great, let's go back to our next step.
2:01
Under usage to register for all routes,
2:03
we can see here that we're
adding a container for the Csrf.
2:07
Let's copy this and go into our container.
2:12
Dependencies.php.
2:17
We're going to add a new container for
csrf.
2:23
Next we can see that we are ready to
register the middleware for all routes.
2:31
This time, we'll go into middleware.
2:36
To our app,
we add our container with a csrf.
2:44
CSRF protection applies to
all unsafe HTTP requests,
2:50
post, put, delete, and patch.
2:56
Let's see how it works so far.
2:59
When we visit the site using the get
method, everything works as before.
3:02
When we try to submit our form via post,
we see that our CSRF check failed.
3:07
Great, now let's add the details that
we need to allow this form to work.
3:14
We need the csrf token name and value.
3:19
We're then going to need
to add this to our views.
3:23
So we need to make sure that we
add this to our args variable.
3:27
Back at our routes, we'll need to add
these variables to our args array.
3:34
Args['csrf'] is
3:47
going to equal an array.
3:51
Here we'll use the key value
pairs built using the attributes
3:56
that the csrf middleware
added to our request object.
4:01
We use the nameKey, and then we'll
request the getAttribute of that nameKey.
4:06
Next, we'll use valueKey and
4:16
assign it the getAttribute
of that valueKey.
4:19
And close our array.
4:26
Now we can use that csrf array to add
hidden values to our contact form.
4:28
We'll open contact-form.phtml.
4:36
Before the end of our form, we're
4:42
going to add foreach ($csrf
4:48
as $key => $value).
4:55
Then we'll echo, input
5:03
type=\"hidden\"
5:08
name=\"$key\"
5:14
value=\"$value\".
5:24
I've surrounded this in double quotes so
the value of our variables will be used.
5:31
Let's visit our contact
form in the browser again.
5:37
This time if we view source.
5:41
We can see our hidden values.
5:46
We have csrf_name and csrf_value.
5:50
The values of these hidden fields refresh
each time this page is refreshed.
5:55
Now when I submit the form, the CSRF
check passes and we proceed as before.
6:02
There are all kinds of middleware
available for you to use and
6:10
you can even write your own.
6:13
Authentication, Error Handling,
Debugging, Optimization,
6:15
Security, Sessions, URL Modifications,
Image manipulation, and more.
6:20
Check the notes for more resources,
and then go ahead and
6:26
take your application for a spin.
6:29