Laravel / updated: November 14, 2014

CSRF Vulnerability In Laravel 4

On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team to a method of bypassing the CSRF verification in Laravel 4 applications.

To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:

Route::filter('csrf', function()
{
    // Strict comparison (!==) checks type as well as value.
    if (Session::token() !== Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});
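
The same strict check outside the framework, as an added example that is not Laravel's code or part of the original post. The function name csrf_token_matches and the sample token are hypothetical, and hash_equals() is assumed to exist only on PHP 5.6 or later, with === as the fallback.

```php
<?php
// Added example (not Laravel's code): a framework-free token check that
// mirrors the strict comparison in the patched filter.

/**
 * Return true only when both values are strings, the session token is
 * non-empty, and the two strings are identical.
 */
function csrf_token_matches($sessionToken, $inputToken)
{
    // Request input can be missing or of any type; only a string can match.
    if (!is_string($sessionToken) || !is_string($inputToken)) {
        return false;
    }
    // An empty session token must never validate a request.
    if ($sessionToken === '') {
        return false;
    }
    // Assumption: hash_equals() (PHP >= 5.6) for a constant-time compare.
    if (function_exists('hash_equals')) {
        return hash_equals($sessionToken, $inputToken);
    }
    // Older PHP: same result as the filter's !== check.
    return $sessionToken === $inputToken;
}

// Constructed sample values; this is not a real session token.
$session = 'EXAMPLE-TOKEN-0123456789abcdef';
$cases = array(
    'same string'      => $session,
    'different string' => 'EXAMPLE-TOKEN-ffffffffffffffff',
    'missing (null)'   => null,
    'integer'          => 0,
    'boolean'          => true,
    'array'            => array($session),
);

foreach ($cases as $label => $input) {
    $result = csrf_token_matches($session, $input) ? 'accept' : 'reject';
    printf("%-18s %s\n", $label, $result);
}
// Only "same string" is accepted; every other case is rejected.
```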

Check out the announcement post for all the details.

This appeared first on Laravel News