CodeIgniter4 Application Template - This template makes the CI4 default config more secure.

CodeIgniter 4 Application Template

This template makes the default configuration of CI4 more secure.

This repository includes:

Requirements

  • PHP 7.4 or later
    • intl
    • libcurl if you plan to use the HTTP\CURLRequest library
    • json (enabled by default - don't turn it off)
    • mbstring
    • mysqlnd if you plan to use MySQL
    • xml (enabled by default - don't turn it off)

How to Install

Composer

$ composer create-project kenjis/ci4-app-template your-project

Git

$ git clone https://github.com/kenjis/ci4-app-template.git your-project
$ cd your-project/
$ composer install
$ git checkout -b main

How to Update

Update Composer packages:

$ composer update

Update your CodeIgniter4 project files:

$ php spark revision:update

How to Use

Services

  • All Services must be manually added to app/Config/Services.php, even if third-party CI4 packages have their own Services.

CSRF

  • You must set the CSRF token field in your forms manually. See https://codeigniter4.github.io/CodeIgniter4/libraries/security.html#html-forms

CSP

  • You must set CSP yourself when you need it. See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#content-security-policy
  • You need to use csp_script_nonce() and csp_style_nonce() for inline content. See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#inline-content
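
A view that meets both the CSRF and CSP requirements above, as an added example that is not part of the template repository. The view name, the contact/send route, the $errors variable and the field names are assumptions.

```php
<?php
// app/Views/contact_form.php: hypothetical view name (added example).
// Assumes a POST route 'contact/send' exists and the controller may pass $errors.
$errors = $errors ?? [];
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Contact</title>
    <!-- CSP is enabled and $autoNonce is disabled, so every inline block
         needs its nonce attribute emitted explicitly. -->
    <style <?= csp_style_nonce() ?>>
        .error { color: #b00020; }
    </style>
</head>
<body>
    <?php foreach ($errors as $message): ?>
        <!-- esc() HTML-encodes the message before output. -->
        <p class="error"><?= esc($message) ?></p>
    <?php endforeach ?>

    <form id="contact" action="<?= site_url('contact/send') ?>" method="post">
        <!-- Hidden input carrying the CSRF token. The csrf filter rejects
             the POST when the token is missing or does not match. -->
        <?= csrf_field() ?>

        <label>Email <input type="email" name="email" required></label>
        <label>Message <textarea name="message" required></textarea></label>
        <button type="submit">Send</button>
    </form>

    <script <?= csp_script_nonce() ?>>
        // This inline script runs only because its nonce matches the CSP header.
        document.getElementById('contact').addEventListener('submit', function (e) {
            e.target.querySelector('button').disabled = true;
        });
    </script>
</body>
</html>
```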

Changes from the CI4 Default Configuration

Services

Configs

  • BaseURL's index.php is removed.
  • Auto Routing (Improved) is enabled.
  • Config\CURLRequest::$shareOptions is disabled. (Since v4.4.0, this is set by default.)
  • MySQLi's numberNative is enabled.
    • app/Config/Database.php
    • See https://codeigniter4.github.io/CodeIgniter4/database/configuration.html#explanation-of-values
  • Session-based CSRF protection is used.
    • app/Config/Security.php.
    • See https://codeigniter4.github.io/CodeIgniter4/libraries/security.html#csrf-protection-methods
  • CSRF protection $tokenRandomize is enabled.
    • app/Config/Security.php.
    • See https://codeigniter4.github.io/CodeIgniter4/libraries/security.html#token-randomization
  • CSP is enabled.
    • app/Config/App.
    • See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#turning-csp-on
  • CSP $autoNonce is disabled.
  • Strict Validation Rules are used. (Since v4.3.0, this is set by default.)
    • app/Config/Validation.php.
    • See https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#traditional-and-strict-rules

Filters

  • CSRF filter is enabled.
    • app/Config/Filters.php.
    • See https://codeigniter4.github.io/CodeIgniter4/libraries/security.html#enable-csrf-protection
  • InvalidChars filter is enabled.
  • SecureHeaders filter is enabled.

Features

  • Config\Feature::$multipleFilters is enabled.
    • app/Config/Feature.php.
    • See https://codeigniter4.github.io/CodeIgniter4/incoming/routing.html#applying-filters

Others

Available Commands

composer test              // Run PHPUnit
composer cs-fix            // Fix the coding style
composer cs                // Check the coding style
composer sa                // Run static analysis
composer run-script --list // List all commands

Related Projects for CodeIgniter 4.x

Libraries

Tutorials

Building Development Environment