What is Laravel basic routing - CSRF protection?

Chinweuba Elijah Azubuike

What is CSRF?

CSRF is an acronym for cross-site request forgery: an attack that misuses an authenticated user's access to perform actions the user did not intend. It is also known as a one-click attack or session riding.

CSRF exploits the trust that a site has in a user's browser. In a CSRF attack, the attacker's aim is to cause the victim to submit a maliciously crafted web request to a website on which the victim has an authenticated session.

CSRF protection

Laravel makes it easy to guard against cross-site request forgeries. To protect the application against this attack, Laravel automatically generates a CSRF "token" for each active user session on the application. This CSRF token verifies that the authenticated user is the actual person making the requests to the application.

If you are submitting a request from an HTML form, you add the CSRF protection by including the token as a hidden field. The double curly braces are Blade templating syntax.

<input type="hidden" name="_token" value="{{ csrf_token() }}">

CSRF token verification is done automatically for the POST, PUT, or DELETE request methods by the VerifyCsrfToken HTTP middleware, which verifies that the token in the request input matches the token stored in the session.

The middleware also inspects the X-CSRF-TOKEN request header. You can also store the CSRF token in a meta tag and have it added as that header on every request your JavaScript sends, so those requests are protected against CSRF as well.

<meta name="csrf-token" content="{{ csrf_token() }}" />

In summary

CSRF protection is carried out elegantly on the Laravel application to avoid session riding or a one-click attack.

This check is carried out just before the Route:: definition passes the request on to the view() or controller, ensuring that every request handled by the application was actually initiated by the appropriate end user.
