# Change Log

See https://github.com/slimphp/Slim-Csrf/releases for a full list

## Next

## 1.5.0

- Added: Support for PHP 8.2 and 8.3
- Added: Support for psr/http-message 2.0 in addition to 1.0

## 1.4.0

- Added: Allow to set token name and value in header

## 1.3.0

- Added: Support for PSR-12
- Added: Add XOR to token to avoid BREACH attack
- Change: PHP 7.3 is no longer supported

## 1.2.1

- Added: Implement iterator support for getLastKeyPair

## 1.2.0

- Added: Support PHP 8
- Changed: Remove support for PHP 7.1 and 7.2

## 1.1.0

- Changed: `remoteTokenFromStorage()` is now public
- Changed: Don't allow token in the body of a GET request
- Fixed: Prevent replay attack by removing token on valdiation

## 1.0.0

- Added: PSR-15 support

## 0.8.3

 - Fixed: Widen random_compat constraint in composer.json

## 0.8.2

- Fixed: Attach token name and value to request when persist mode is on

## 0.8.1

- Fixed: Default stroageis now $_SESSION again

## 0.8.0

- Added: Now supports "persistence mode", to persist a single CSRF name/value pair throughout the life of a user's session.  Added the following methods:

  - `protected getLastKeyPair` - gets the most recently generated key/value pair from storage.
  - `protected loadLastKeyPair` - gets the most recently generated key/value pair from storage, and assign it to `$this->keyPair`.
  - `public setPersistentTokenMode`
  - `public getPersistentTokenMode`

  Note that if CSRF token validation fails, then the token should be renewed regardless of the persistence setting.
    
  The methods `getTokenName` and `getTokenValue` now return `null` if `$this->keyPair` has not yet been set.