This template changes the default configuration of CI4 more secure.
This repository includes:
- CodeIgniter 4.4.5
- Translations for CodeIgniter 4 System Messages dev-develop
- CodeIgniter DevKit 1.2.0
- PHPUnit 9.6.16
- Tatter\Patches 2.1.0
- Liaison Revision 1.1.0
- bear/qatools 1.10.0
- PHP 7.4 or later
$ composer create-project kenjis/ci4-app-template your-project$ git clone https://github.com/kenjis/ci4-app-template.git your-project
$ cd your-project/
$ composer install
$ git checkout -b mainUpdate Composer packages:
$ composer updateUpdate your CodeIgniter4 project files:
$ php spark revision:update- All Services must be manually added to
app/Config/Services.php, even if third-party CI4 packages have their own Services.
- You must set CSRF token field in your form manually. See https://codeigniter4.github.io/CodeIgniter4/libraries/security.html#html-forms
- You must set CSP when you need. See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#content-security-policy
- You need to use
csp_script_nonce()andcsp_style_nonce()for inline contents. See https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#inline-content
- Auto-Discovery of services is disabled. app/Config/Modules.php.
Config\ServicesextendsCodeIgniter\Config\Services. app/Config/Services.php.
- BaseURL's
index.phpis removed. - Auto Routing (Improved) is enabled.
Config\CURLRequest::$shareOptionsis disabled. (Since v4.4.0, this is set by default.)- MySQLi's
numberNativeis enabled. - Using Session-based CSRF protection.
- CSRF protection
$tokenRandomizeis enabled. - CSP is enabled.
- CSP
$autoNonceis disabled. - Strict Validation Rules are used. (Since v4.3.0, this is set by default.)
- CSRF filter is enabled.
- InvalidChars filter is enabled.
- SecureHeaders filter is enabled.
Config\Feature::$multipleFiltersis enabled.
- Using
developversion CI4. app/Config/Paths.php.
composer test // Run PHPUnit
composer cs-fix // Fix the coding style
composer cs // Check the coding style
composer sa // Run static analysis
composer run-script --list // List all commands
- CodeIgniter 3 to 4 Upgrade Helper
- CodeIgniter3-like Captcha
- PHPUnit Helper
- CodeIgniter4 Attribute Routes
- CodeIgniter Simple and Secure Twig
- CodeIgniter4 Viewi Demo