Csrf Helpers
The package exposes two helpers.
csrf()
function csrf(): \Quantum\Csrf\Csrf
Behavior:
- checks whether
Quantum\Csrf\Csrfis registered inQuantum\Di\Di - registers it if missing
- returns the container-managed instance
That means repeated csrf() calls in the same container return the same Csrf object.
Because that object uses session-backed storage, the important shared state is the active session token rather than object-local properties.
csrf_token()
function csrf_token(): ?string
This is the convenience helper for rendering tokens into forms or page output.
Behavior:
- reads
APP_KEYfrom the environment - throws an app exception if
APP_KEYis missing - calls
csrf()->generateToken($appKey) - returns the stored token
Use this helper when you want framework-default token generation without manually passing a key.