This template changes the default configuration of CI4 to make it more secure.
This repository includes:
- CodeIgniter 4.4.5
- Translations for CodeIgniter 4 System Messages dev-develop
- CodeIgniter DevKit 1.2.0
- PHPUnit 9.6.16
- Tatter\Patches 2.1.0
- Liaison Revision 1.1.0
- bear/qatools 1.10.0
- PHP 7.4 or later
$ composer create-project kenjis/ci4-app-template your-project
$ git clone https://github.com/kenjis/ci4-app-template.git your-project
$ cd your-project/
$ composer install
$ git checkout -b main
Update Composer packages:
$ composer update
Update your CodeIgniter4 project files:
$ php spark revision:update
- All Services must be manually added to app/Config/Services.php, even if third-party CI4 packages have their own Services.
- You must set the CSRF token field in your forms manually. See https://codeigniter4.github.io/CodeIgniter4/libraries/security.html#html-forms
- You must set CSP when you need it. See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#content-security-policy
- You need to use csp_script_nonce() and csp_style_nonce() for inline contents. See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#inline-content
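
A view that applies the manual CSRF field and CSP nonce steps above, as an added example that is not part of the template. The view name, the `contact/send` route and the field names are assumptions made for illustration.

```php
<?php
// app/Views/contact_form.php (hypothetical view, constructed for this example)
// Assumes this template's settings: CSRF filter enabled, CSP enabled,
// and CSP $autoNonce disabled, so nonces must be written out by hand.
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Contact</title>
    <!-- Inline style: a CSP without 'unsafe-inline' blocks it unless
         the tag carries the nonce attribute for this response. -->
    <style <?= csp_style_nonce() ?>>
        .error { color: #b00020; }
    </style>
</head>
<body>
    <form action="<?= site_url('contact/send') ?>" method="post">
        <!-- Hidden CSRF token field. It is not injected automatically,
             and the CSRF filter rejects a POST that lacks it. -->
        <?= csrf_field() ?>

        <label for="message">Message</label>
        <textarea id="message" name="message"></textarea>
        <button type="submit">Send</button>
    </form>

    <!-- Inline script: same rule as the style block above. -->
    <script <?= csp_script_nonce() ?>>
        document.getElementById('message').focus();
    </script>
</body>
</html>
```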
- Auto-Discovery of services is disabled (app/Config/Modules.php).
- Config\Services extends CodeIgniter\Config\Services (app/Config/Services.php).
- BaseURL's index.php is removed.
- Auto Routing (Improved) is enabled.
- Config\CURLRequest::$shareOptions is disabled. (Since v4.4.0, this is set by default.)
- MySQLi's numberNative is enabled.
- Using Session-based CSRF protection.
- CSRF protection $tokenRandomize is enabled.
- CSP is enabled.
- CSP $autoNonce is disabled.
- Strict Validation Rules are used. (Since v4.3.0, this is set by default.)
- CSRF filter is enabled.
- InvalidChars filter is enabled.
- SecureHeaders filter is enabled.
- Config\Feature::$multipleFilters is enabled.
- Using develop version CI4 (app/Config/Paths.php).
composer test // Run PHPUnit
composer cs-fix // Fix the coding style
composer cs // Check the coding style
composer sa // Run static analysis
composer run-script --list // List all commands
- CodeIgniter 3 to 4 Upgrade Helper
- CodeIgniter3-like Captcha
- PHPUnit Helper
- CodeIgniter4 Attribute Routes
- CodeIgniter Simple and Secure Twig
- CodeIgniter4 Viewi Demo