From eb63a5d6ba842590fc0d537d91b530feae5da501 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?= <simon.sessingoe@gmail.com>
Date: Mon, 23 Oct 2017 22:01:19 +0200
Subject: [PATCH] Added CSRF form-example in documentation (issue: #299)

---
 README.md                                      | 14 ++++++++++++++
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php |  1 +
 2 files changed, 15 insertions(+)

diff --git a/README.md b/README.md
index edfab1d..509c799 100644
--- a/README.md
+++ b/README.md
@@ -709,6 +709,20 @@ You can get the CSRF-token by calling the helper method:
 csrf_token();
 ```
 
+The default name/key for the input-field is `csrf_token` and is defined in the `POST_KEY` constant in the `BaseCsrfVerifier` class.
+You can change the key by overwriting the constant in your own CSRF-verifier class.
+
+**Example:**
+
+The example below will post to the current url and add a hidden field with the name of `csrf_token`.
+
+```php
+<form method="post" action="<?= url(); ?>">
+    <input type="hidden" name="csrf_token" value="<?= csrf_token(); ?>">
+    <!-- other input elements here -->
+</form>
+```
+
 ---
 
 # Middlewares
diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index 5d2b4cf..6791029 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace Pecee\Http\Middleware;
 
 use Pecee\CsrfToken;