@yesdevnull
Created February 19, 2015 10:47
Using X-XSRF-TOKENs for AJAX in Laravel 5 - Option 2
<?php namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
use Symfony\Component\Security\Core\Util\StringUtils;

class VerifyCsrfToken extends BaseVerifier {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        return parent::handle($request, $next);
    }

    /**
     * Accept the session token from either the _token input or the
     * X-XSRF-TOKEN header. The header value is compared as sent,
     * without decryption.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function tokensMatch($request)
    {
        $token = $request->session()->token();
        $header = $request->header('X-XSRF-TOKEN');

        // StringUtils::equals() is a timing-safe string comparison.
        return StringUtils::equals($token, $request->input('_token')) ||
            ($header && StringUtils::equals($token, $header));
    }

}

<!-- ... -->
<head>
<meta name="csrf_token" content="{{ csrf_token() }}" />
</head>
<!-- .. -->
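
The gist shows the middleware and the meta tag but not the AJAX side. The following is an added example, not part of the gist, of reading the `csrf_token` meta tag and attaching it as `X-XSRF-TOKEN` only to state-changing, same-origin requests. The names `readCsrfToken`, `csrfHeadersFor` and `fakeDocument`, the `/posts` endpoint and the `app.example` origin are assumptions.

```javascript
// Added example (not from the gist); all names below are assumptions.
// Read-only methods, which Laravel's CSRF middleware does not check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Read the token Blade rendered into <meta name="csrf_token" content="...">.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf_token"]');
  const token = meta ? meta.getAttribute('content') : null;
  return token && token.trim() !== '' ? token : null;
}

// Return the extra headers for one AJAX request. The token is attached only
// to state-changing, same-origin requests, so it never leaves the origin.
function csrfHeadersFor(url, method, doc, pageOrigin) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) return {};
  try {
    const page = new URL(pageOrigin);
    const target = new URL(url, page); // resolves relative URLs against the page
    if (target.origin !== page.origin) return {};
  } catch (e) {
    return {}; // unparseable URL: attach nothing
  }
  const token = readCsrfToken(doc);
  return token ? { 'X-XSRF-TOKEN': token } : {};
}

// Browser usage (assumed endpoint):
//   fetch('/posts', { method: 'POST', credentials: 'same-origin',
//     headers: csrfHeadersFor('/posts', 'POST', document, location.origin) });

// Constructed stand-in for `document`, so the block also runs under Node.
function fakeDocument(content) {
  return {
    querySelector: (sel) =>
      sel === 'meta[name="csrf_token"]' && content !== undefined
        ? { getAttribute: () => content }
        : null,
  };
}

// Constructed sample token and origin.
console.log(csrfHeadersFor('/posts', 'POST', fakeDocument('abc123'), 'https://app.example'));
```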
xuwenzhi commented Aug 4, 2016

Good job!
But I found something in the original tokensMatch(). Should we decrypt the $header?
