Laravel / updated: November 14, 2014

CSRF Vulnerability In Laravel 4

On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team of a method of bypassing the CSRF verification in Laravel 4 applications.

To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:

Route::filter('csrf', function()
{
    if (Session::token() !== Input::get('_token'))
    {
        throw new IlluminateSessionTokenMismatchException;
    }
});

Checkout the announcement post for all the details.

Laravel News Partners

Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.