Commit 4d0de14b authored by Taylor Otwell's avatar Taylor Otwell

tweaks CSRF filter.

parent e1686857
...@@ -15,12 +15,23 @@ class CsrfMiddleware implements Middleware { ...@@ -15,12 +15,23 @@ class CsrfMiddleware implements Middleware {
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if ($request->session()->token() != $request->input('_token')) if ($request->method == 'GET' || $this->tokensMatch($request))
{ {
throw new TokenMismatchException; return $next($request);
} }
return $next($request); throw new TokenMismatchException;
}
/**
* Determine if the session and input CSRF tokens match.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function tokensMatch($request)
{
return $request->session()->token() != $request->input('_token');
} }
} }
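Review bot: `tokensMatch()` returns `$request->session()->token() != $request->input('_token')`, which is true when the tokens differ, so the rewritten `handle()` passes mismatched non-GET requests to `$next` and throws TokenMismatchException for requests that carry the correct token. Invert the comparison and make it strict and constant-time, rejecting an empty session token so that two missing values never count as a match: `$token = $request->session()->token();` followed by `return is_string($token) && $token !== '' && hash_equals($token, (string) $request->input('_token'));` (hash_equals needs PHP 5.6 or later; otherwise use `===`). The GET exemption reads `$request->method` as a property; if the request class exposes the verb only through a method call, that comparison would not see the HTTP verb, so it is worth confirming. The class declaration and the docblock of handle() start above the hunk.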