Skip to content

S
syncEnrollments
Commit 70d516b7 authored by Michaël Lecerf's avatar Michaël Lecerf
Browse files
Options

Prevent TokenMismatchException for HTTP OPTIONS requests 

`OPTIONS` HTTP requests should be treated in the same way than `GET` requests by the `VerifyCsrfToken` middleware. Otherwise, an exception is thrown, thus preventing any `OPTIONS` route to work.
parent 27aa85cc
Show whitespace changes
Inline Side-by-side
Showing with 12 additions and 1 deletion
app/Http/Middleware/VerifyCsrfToken.php
View file @ 70d516b7
...@@ -17,7 +17,7 @@ class VerifyCsrfToken implements Middleware { ...@@ -17,7 +17,7 @@ class VerifyCsrfToken implements Middleware {
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if ($request->method() == 'GET' || $this->tokensMatch($request)) if ($this->isReadOnly($request) || $this->tokensMatch($request))
{ {
return $next($request); return $next($request);
} }
...@@ -36,4 +36,15 @@ class VerifyCsrfToken implements Middleware { ...@@ -36,4 +36,15 @@ class VerifyCsrfToken implements Middleware {
return $request->session()->token() == $request->input('_token'); return $request->session()->token() == $request->input('_token');
} }
/**
* Determine if the HTTP request uses a ‘read’ verb.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function isReadOnly($request)
{
return in_array($request->method(), ['GET', 'OPTIONS']);
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment