malhuda/laravel
1
0
Fork 0
mirror of https://github.com/laravel/laravel.git synced 2025-02-20 11:53:14 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Prevent TokenMismatchException for HTTP OPTIONS requests

Browse Source 
`OPTIONS` HTTP requests should be treated in the same way than `GET` requests by the `VerifyCsrfToken` middleware. Otherwise, an exception is thrown, thus preventing any `OPTIONS` route to work.
This commit is contained in:
Michaël Lecerf 2014-11-05 13:09:12 +01:00
parent 27aa85ccdb
commit 70d516b7ce
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/Http/Middleware/VerifyCsrfToken.php
View File

@ -17,7 +17,7 @@ class VerifyCsrfToken implements Middleware {
*/
public function handle($request, Closure $next)
{
if ($request->method() == 'GET' || $this->tokensMatch($request))
if ($this->isReadOnly($request) || $this->tokensMatch($request))
{
return $next($request);
}
@ -36,4 +36,15 @@ class VerifyCsrfToken implements Middleware {
return $request->session()->token() == $request->input('_token');
}
/**
* Determine if the HTTP request uses a read verb.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function isReadOnly($request)
{
return in_array($request->method(), ['GET', 'OPTIONS']);
}
}