Howard
Reputation: 3758
Laravel routing and CSRF protection
If I have this line of code in my routes.php file:
Route::when('*', 'csrf', array('post', 'put', 'patch', 'delete'));
Do I still need to do this?
Route::group(array('before' => 'csrf'), function() {
Route::post('/search', array(
'as' => 'search-post',
'uses' => 'SearchController@postSearch'
));
});
Or is it ok to just do this?
Route::post('/search', array(
'as' => 'search-post',
'uses' => 'SearchController@postSearch'
));
Upvotes: 0
Views: 275
Answers (2)
lukasgeiter
Reputation: 153120
Route::when filters (internally called pattern filters) are called right before before filters. You're all good with just using your routes normally.
Here's the relevant source code:
public function callRouteBefore($route, $request)
{
$response = $this->callPatternFilters($route, $request);
return $response ?: $this->callAttachedBefores($route, $request);
}
As you can see first the pattern filters will be called. If they return any response it will be returned from here, otherwise the "normal" before filters will be called.
Upvotes: 3
Related Questions
- Laravel CSRF Token
- How to disable csrf protection for a route with parameter?
- disable csrf in laravel for specific route
- Laravel CSRF protection
- Disabling CSRF protection doesn't work for POST route
- Remove Csrf verifcation of specific route
- Laravel CSRF protection with REST API
- Laravel disable csrf_token for single route
- Laravel 5 disable and excluding CSRF for single route
- Using CSRF in Laravel