Skip to content

Instantly share code, notes, and snippets.

@danilobatistaqueiroz

danilobatistaqueiroz/csrf.md

Created August 7, 2018 22:30
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save danilobatistaqueiroz/563c86a9154fd076e0ee52ab4b9d55ff to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save danilobatistaqueiroz/563c86a9154fd076e0ee52ab4b9d55ff to your computer and use it in GitHub Desktop.
Download ZIP
CSRF - Cross Site Request Forgeries
Raw
csrf.md

CSRF - Cross Site Request Forgeries

Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.

Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.

Anytime you define a HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request. You may use the csrf_field helper to generate the token field:

Laravel with JWT

By default, Laravel has CSRF token verification turned on, but since we're using JWTs in a stateless manner now, we don't really need CSRF tokens. We can turn this default behavior off by commenting out the VerifyCsrfToken middleware in Kernel.php.

Links

https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment