Laravel | CSRF Protection
Cross-Site Request Forgery (CSRF) is a type of attack in which the attacker sends requests to a system with the help of an authorized user who is trusted by the system.
Laravel provides protection against CSRF attacks by generating a CSRF token. This CSRF token is generated automatically for each user. The token is a random string that is managed by the Laravel application to verify the user's requests.
How to Use:
CSRF token protection can be applied to any HTML form in a Laravel application by adding a hidden form field that carries the CSRF token. The requests are validated automatically by the CSRF VerifyCsrfToken
There are three different ways in which you can do this.
1. A Blade template directive that generates the hidden input field in the HTML form.
2. A function that generates the hidden input field in the HTML form. This function should be written inside double curly braces.
3. A function that returns only the random token string. It does not generate the hidden input field, so the HTML input field should be written explicitly. This function should be written inside double curly braces.
The output is going to be the same for any of the above three ways to generate a CSRF token. The CSRF token field should be written/generated at the start of every HTML form, using any of the three ways, in a Laravel application.
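The following is an added example in plain PHP, not code from the original page or from Laravel itself. It sketches the mechanism described above: a per-session random token, emitted as a hidden form field and checked on every state-changing request. The demo_* function names, the array standing in for the session, and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration; not Laravel's source. All demo_* names are hypothetical.

// Return the per-session token, creating it on first use.
function demo_csrf_token(array &$session): string
{
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20)); // 40 hex chars from a CSPRNG
    }
    return $session['_token'];
}

// Render the hidden input that carries the token inside a form.
// "_token" is the field name used by Laravel's hidden CSRF input.
function demo_csrf_field(array &$session): string
{
    $token = htmlspecialchars(demo_csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

// Decide whether a request may proceed.
function demo_verify(string $method, array $input, array $session): bool
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // read-only methods carry no token and are not checked
    }
    $expected = $session['_token'] ?? null;
    $supplied = $input['_token'] ?? null;
    // Both values must be present; hash_equals compares in constant time.
    return is_string($expected) && is_string($supplied)
        && hash_equals($expected, $supplied);
}

// Constructed sample requests against one user's session.
$session = [];
echo demo_csrf_field($session), PHP_EOL;

$sameSite = ['_token' => $session['_token'], 'email' => 'user@example.test'];
$noToken  = ['email' => 'other@example.test'];   // form hosted on another site
$badToken = ['_token' => str_repeat('0', 40)];   // token that does not match

var_dump(demo_verify('POST', $sameSite, $session)); // form rendered by the app
var_dump(demo_verify('POST', $noToken, $session));  // token field missing
var_dump(demo_verify('POST', $badToken, $session)); // token field wrong
var_dump(demo_verify('GET', [], $session));         // read-only request
```

A form hosted on another origin cannot read the session's token, so it can only send the second or third kind of request.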