Commit 4d0de14b authored by Taylor Otwell's avatar Taylor Otwell

tweaks CSRF filter.

parent e1686857
...@@ -15,12 +15,23 @@ class CsrfMiddleware implements Middleware { ...@@ -15,12 +15,23 @@ class CsrfMiddleware implements Middleware {
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if ($request->session()->token() != $request->input('_token')) if ($request->method == 'GET' || $this->tokensMatch($request))
{ {
return $next($request);
}
throw new TokenMismatchException; throw new TokenMismatchException;
} }
return $next($request); /**
* Determine if the session and input CSRF tokens match.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function tokensMatch($request)
{
return $request->session()->token() != $request->input('_token');
} }
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment