
@Caffe1neAdd1ct
Created February 18, 2020 22:44
Laravel 4.2 CSRF with regenerated unique per request tokens
<?php
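/**
 * CSRF filter with a single-use token: the session token is rotated after
 * every request that passes the check, so replaying the same form (browser
 * refresh, back button, double click) is rejected as well as forged requests.
 *
 * Trade-offs to be aware of:
 *  - Any other page holding an older token (a second tab, an AJAX call made
 *    from a page rendered earlier) is rejected once the token has rotated.
 *  - 'url.intended' is also the session key used by Redirect::guest() and
 *    Redirect::intended(); this filter overwrites it on every accepted request.
 *  - withInput() flashes every submitted field into the session; forms that
 *    carry passwords or other secrets should exclude those fields.
 */
Route::filter('csrf', function()
{
    $expected = Session::token();
    $submitted = Input::get('_token');

    // Only two strings can match. With a plain !== comparison a missing
    // session token and a missing _token field (null vs. null) would be
    // accepted, and an array-valued _token must never be treated as valid.
    $valid = is_string($expected) && is_string($submitted);

    if ($valid) {
        // Use a constant-time comparison where the runtime offers one
        // (hash_equals, PHP >= 5.6) so the check does not leak how many
        // leading characters matched; older runtimes keep the strict compare.
        $valid = function_exists('hash_equals')
            ? hash_equals($expected, $submitted)
            : $expected === $submitted;
    }

    if (! $valid) {
        // Fall back to the site root when no accepted request has stored a
        // return URL yet. The current Referer is deliberately not used here:
        // on a rejected request it is not trustworthy.
        return Redirect::to(Request::session()->get('url.intended', '/'))
            ->withErrors(['danger' => ['Form resubmission blocked. Please do not refresh the page after submitting a form.']])
            ->withInput();
    }

    // Regenerate for the next request to prevent resubmission even when the
    // browser ignores the redirect after a form submission. The previous URL
    // is remembered only for accepted requests, as the place to send the user
    // back to if a later submission is rejected.
    Request::session()->put('url.intended', \Illuminate\Support\Facades\URL::previous());
    Session::regenerateToken();
});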
<?php
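/**
 * Example controller showing how the 'csrf' route filter is attached to a
 * form-handling action.
 */
class TestController extends Controller
{
    /**
     * Register the CSRF filter for the POST action.
     *
     * The 'only' list is an allow-list of protected actions: every
     * state-changing action added to this controller later has to be added
     * here too, otherwise it runs without the token check.
     */
    public function __construct()
    {
        $this->beforeFilter('csrf', ['only' => ['postTest']]);
    }

    /**
     * Render the form. The view must emit the current csrf_token() on every
     * render, because the filter rotates the token after each accepted POST.
     */
    public function getTest()
    {
        return View::make('view');
    }

    /**
     * Handle the form submission. This action is listed in the 'csrf'
     * before-filter registered in the constructor.
     */
    public function postTest()
    {
        // Intentionally empty in this example.
    }
}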
<?php
// Form posted to the action guarded by the 'csrf' filter. The hidden _token
// field carries the session's current CSRF token; the filter reads it back
// with Input::get('_token'). Because the token is rotated after each accepted
// request, the value must be rendered fresh on every page load and must not
// be cached or reused across forms rendered earlier.
?>
<form class="form" role="form" method="post" action="/test/test" accept-charset="UTF-8" id="test">
<input type="hidden" name="_token" value="<?= csrf_token(); ?>">
<button class="btn btn-success btn-lg" type="submit">Go</button>
</form>