Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Laravel 5 CSRF global token hidden field for all forms in a page

Tags:

php

csrf

laravel

I recently migrated to Laravel 5, and now CSRF check is on every post submission. I thought about removing it but I want to follow the best practices, so I'll keep it that way.

On the other hand, I'm problems submitting ajax requests.. my page has multiple forms and some submissions are not even from forms, just plain ajax calls. My idea is to have one single hidden "token" input on the page and attach it to every submission. Are there any drawbacks on having that universal single token input?

Also, how can I output the token? Would it be ok to just create a hidden input on the page footer?

like image 895
sigmaxf Avatar asked Feb 13 '15 13:02

sigmaxf


1 Answers

There is a helper to add the form token inside forms. You can just use

{!! csrf_field() !!} 

inside the forms. It will add the hidden input and the token.

like image 185
Arda Avatar answered Sep 25 '22 07:09

Arda