Laravel / updated: November 14, 2014

CSRF Vulnerability In Laravel 4

On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team to a method of bypassing the CSRF verification in Laravel 4 applications.

To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:

Route::filter('csrf', function() {
    // Strict comparison: the submitted token must match in both type and value
    if (Session::token() !== Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});
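
The patched filter compares the two tokens with `!==`. The following added example (not Laravel's code and not from the announcement) is a small regression check that runs a loose `==` comparison, the strict comparison, and a hardened string-only, constant-time comparison over submitted values of different types. The function names and the sample token are hypothetical, and `hash_equals()` assumes PHP 5.6 or later.

```php
<?php
// Added example, not Laravel's code. Requires PHP 5.6+ for hash_equals().

// Loose check: PHP coerces operand types before comparing.
function looseMatch($sessionToken, $submitted)
{
    return $sessionToken == $submitted;
}

// Strict check: the same type-and-value test the patched filter's !== performs.
function strictMatch($sessionToken, $submitted)
{
    return $sessionToken === $submitted;
}

// Hardened check (hypothetical helper): string-only and constant-time.
function hardenedMatch($sessionToken, $submitted)
{
    if (!is_string($sessionToken) || !is_string($submitted) || $sessionToken === '') {
        return false; // hash_equals() rejects non-strings, so filter them first
    }
    return hash_equals($sessionToken, $submitted);
}

// Constructed sample data: a made-up session token and submitted values
// of the types a decoded request body can carry.
$sessionToken = 'Qm9vIHRoaXMgaXMgYSBjb25zdHJ1Y3RlZCB0b2tlbg';
$cases = array(
    'same string'  => $sessionToken,
    'other string' => 'not-the-token',
    'missing/null' => null,
    'integer'      => 0,
    'boolean'      => true,
    'array'        => array($sessionToken),
);

printf("%-14s %-6s %-6s %-8s\n", 'submitted', 'loose', 'strict', 'hardened');
foreach ($cases as $label => $value) {
    printf(
        "%-14s %-6s %-6s %-8s\n",
        $label,
        looseMatch($sessionToken, $value) ? 'pass' : 'fail',
        strictMatch($sessionToken, $value) ? 'pass' : 'fail',
        hardenedMatch($sessionToken, $value) ? 'pass' : 'fail'
    );
}
```

The strict and hardened columns should pass only for the identical string; the loose column depends on the type-juggling rules of the PHP version in use.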

Check out the announcement post for all the details.

This appeared first on Laravel News
