Turn on CSRF protection for a group of GET routes in Laravel - PhpOut

Viewsonic
December 1, 2022
229 views
1 vote
2 Answers

I have the following group of GET routes on Laravel:

Route::get('/location/get', 'Ajax@getProducts');
Route::get('/products/get', 'Ajax@getProducts');
Route::get('/schedule/get', 'Ajax@getProducts');

I want to protect those routes with the automatically generated CSRF token from Laravel.

I have read some workarounds about overriding method: VerifyCsrfToken@isReading(...), but I’m not too much convinced about that.

Then I’m looking for a more elegant solution.

Thanks!

Tags: csrf csrf-token laravel middleware php

Answers

- ArthurShlain
- December 1, 2022 at 7:59 pm
- 0 votes
0
CSRF is not protecting your data. More info: https://security.stackexchange.com/a/115808

If you has no reason for using GET method with CSRF, just use POST with default csrf middleware group:
```
Route::group(['before' => 'csrf'], function() {
    // your ::post routes
});
```
Anyway, you can try to create VerifyCsrfTokenAll middleware, and use csrf_get key from this answer: https://stackoverflow.com/a/41656322/2453148
and then wrap your routes in this group:
```
Route::group(['before' => 'csrf_get'], function() {
    // your routes
});
```
Login or Signup to reply.

- EdMcDarwin
- December 1, 2022 at 9:59 pm
- 0 votes
0
Best thing I would adhere to is including the @csrf with your blade form.
```
 <form action=“{{ your route name }}” method=“GET”> @csrf </form>
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.