CSRF Protection | csrf laravel
Introduction
Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user. Thankfully, Laravel makes it easy to protect your application from cross-site request forgery[1] (CSRF) attacks.
An Explanation Of The Vulnerability
In case you're not familiar with cross-site request forgeries, let's discuss an example of how this vulnerability can be exploited. Imagine your application has a /user/email route that accepts a POST request to change the authenticated user's email address. Most likely, this route expects an email input field to contain the email address the user would like to begin using.
Without CSRF protection, a malicious website could create an HTML form that points to your application's /user/email route and submits the malicious user's own email address:
<form action="https://your-application.com/user/email" method="POST">
</form>
<scri...
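The server-side check that stops the cross-site form above, as an added example in plain PHP. It is not Laravel's middleware code: the function names are hypothetical, the session is simulated with an array, and the sample values are constructed. Only the `_token` field name and the 419 status follow Laravel's conventions.

```php
<?php
// Added illustration, not Laravel's own code. Function names are hypothetical.

/** Issue (or reuse) the per-session CSRF token that same-origin forms embed. */
function csrf_token_for(array &$session): string
{
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session['_token'];
}

/** True only when the request carries the token stored in the session. */
function csrf_token_matches(array $session, array $post): bool
{
    $expected = $session['_token'] ?? '';
    $supplied = $post['_token'] ?? '';
    // hash_equals() compares in constant time; reject arrays and empty tokens.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

/** Handler for POST /user/email: changes state only after the token check. */
function update_email(array &$session, array $post): int
{
    if (!csrf_token_matches($session, $post)) {
        return 419; // status Laravel returns on a token mismatch
    }
    $session['email'] = $post['email'];
    return 200;
}

// Constructed sample session for an authenticated user.
$session = ['user_id' => 7, 'email' => 'owner@example.com'];
$token = csrf_token_for($session);

// Cross-site form: the browser attaches the session cookie, but the other
// origin cannot read the token, so the request arrives without _token.
$forged = update_email($session, ['email' => 'other@example.net']);

// Same-origin form rendered with the hidden _token field.
$legit = update_email($session, ['_token' => $token, 'email' => 'new@example.com']);

printf("forged: %d, legitimate: %d, stored email: %s\n", $forged, $legit, $session['email']);
```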