{"id":128462,"date":"2024-07-30T10:35:14","date_gmt":"2024-07-30T14:35:14","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/?p=128462"},"modified":"2024-07-30T10:35:16","modified_gmt":"2024-07-30T14:35:16","slug":"csrf-protection","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/","title":{"rendered":"Understanding CSRF Protection in Laravel"},"content":{"rendered":"<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A-1024x538.png\" alt=\"Understanding CSRF Protection in Laravel\" class=\"wp-image-128464\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A-1024x538.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A-300x158.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A-768x403.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png 1200w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>Cross-Site Request Forgery (CSRF) is an attack in which unauthorized commands are transmitted from a user that the web application trusts. <a href=\"https:\/\/laravel.com\" target=\"_blank\" rel=\"noreferrer noopener\">Laravel<\/a> provides robust CSRF protection out of the box to help secure your application from such vulnerabilities. 
This article will guide you through the basics of CSRF, how Laravel protects against CSRF attacks, and how to implement and manage CSRF protection in your Laravel applications.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#what\">What is CSRF?<\/a><\/li>\n\n\n\n<li><a href=\"#how\">How Laravel Protects Against CSRF<\/a><\/li>\n\n\n\n<li><a href=\"#implementing\">Implementing CSRF Protection<\/a><\/li>\n\n\n\n<li><a href=\"#configuring\">Configuring CSRF Token Rotation<\/a><\/li>\n\n\n\n<li><a href=\"#disabling\">Disabling CSRF Protection for Specific Routes<\/a><\/li>\n\n\n\n<li><a href=\"#example\">Complete Example of CSRF Protection<\/a><\/li>\n\n\n\n<li><a href=\"#issues\">Common Issues and Troubleshooting<\/a><\/li>\n\n\n\n<li><a href=\"#conclusion\">Conclusion<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"what\">What is CSRF?<\/h2>\n\n\n\n<p>CSRF (Cross-Site Request Forgery) is an attack that tricks a user into submitting a malicious request. It leverages the fact that a browser automatically includes credentials (like cookies) with each request, enabling an attacker to perform actions on behalf of the user without their consent.<\/p>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"how\">How Laravel Protects Against CSRF<\/h2>\n\n\n\n<p>Laravel provides built-in CSRF protection to safeguard your application from such vulnerabilities. Here\u2019s how it works:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>CSRF Tokens<\/strong>: Laravel generates a unique CSRF token for each active user session. This token is then embedded in every form of the application as a hidden field. The server verifies this token on every request to ensure the request is valid.<\/li>\n\n\n\n<li><strong>Verifying the Token<\/strong>: When a form is submitted, Laravel compares the token submitted with the form against the token stored in the user\u2019s session. If the tokens match, the request is processed. 
If they don\u2019t match, the request is rejected.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"implementing\">Implementing CSRF Protection<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Automatically Applied Middleware<\/h3>\n\n\n\n<p>Laravel automatically applies the CSRF protection middleware to all routes defined in the <code>web<\/code> middleware group. This group is usually defined in the <code>routes\/web.php<\/code> file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Adding CSRF Tokens to Forms<\/h3>\n\n\n\n<p>When creating forms, you need to include the CSRF token. Laravel provides a Blade directive for this:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" data-code=\"&lt;form method=&quot;POST&quot; action=&quot;\/your-action-url&quot;&gt;\n    @csrf\n    &lt;!-- Your form inputs --&gt;\n&lt;\/form&gt;\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span 
class=\"line\"><span style=\"color: #E1E4E8\">&lt;<\/span><span style=\"color: #85E89D\">form<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">method<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"POST\"<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">action<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"\/your-action-url\"<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    <\/span><span style=\"color: #F97583\">@csrf<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    <\/span><span style=\"color: #6A737D\">&lt;!-- Your form inputs --&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;\/<\/span><span style=\"color: #85E89D\">form<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The <code>@csrf<\/code> directive inserts a hidden input field with the CSRF token.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Handling CSRF Tokens in AJAX Requests<\/h3>\n\n\n\n<p>If you\u2019re making AJAX requests, you need to ensure the CSRF token is included in the request headers. 
Here\u2019s an example using jQuery:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" data-code=\"$.ajaxSetup({\n    headers: {\n        'X-CSRF-TOKEN': $('meta[name=&quot;csrf-token&quot;]').attr('content')\n    }\n});\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #E1E4E8\">$.<\/span><span style=\"color: #B392F0\">ajaxSetup<\/span><span style=\"color: #E1E4E8\">({<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    headers: {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">        <\/span><span style=\"color: #9ECBFF\">'X-CSRF-TOKEN'<\/span><span style=\"color: #E1E4E8\">: <\/span><span style=\"color: #B392F0\">$<\/span><span style=\"color: #E1E4E8\">(<\/span><span style=\"color: #9ECBFF\">'meta[name=\"csrf-token\"]'<\/span><span style=\"color: #E1E4E8\">).<\/span><span style=\"color: 
#B392F0\">attr<\/span><span style=\"color: #E1E4E8\">(<\/span><span style=\"color: #9ECBFF\">'content'<\/span><span style=\"color: #E1E4E8\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    }<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">});<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>You need to include a meta tag in your HTML to store the CSRF token:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" data-code=\"&lt;meta name=&quot;csrf-token&quot; content=&quot;{{ csrf_token() }}&quot;&gt;\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F97583\">&lt;<\/span><span style=\"color: #79B8FF\">meta<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">name<\/span><span style=\"color: #F97583\">=<\/span><span style=\"color: #9ECBFF\">\"csrf-token\"<\/span><span 
style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">content<\/span><span style=\"color: #F97583\">=<\/span><span style=\"color: #9ECBFF\">\"{{ csrf_token() }}\"<\/span><span style=\"color: #F97583\">&gt;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"configuring\">Configuring CSRF Token Rotation<\/h2>\n\n\n\n<p>For enhanced security, Laravel allows CSRF tokens to rotate after each request. You can enable this in the <code>VerifyCsrfToken<\/code> middleware:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#2f363c;color:#d3d7dd\">app\/Http\/Middleware\/VerifyCsrfToken.php<\/span><span role=\"button\" tabindex=\"0\" data-code=\"protected $shouldRotate = true;\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span 
style=\"color: #F97583\">protected<\/span><span style=\"color: #E1E4E8\"> $shouldRotate <\/span><span style=\"color: #F97583\">=<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">true<\/span><span style=\"color: #E1E4E8\">;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"disabling\">Disabling CSRF Protection for Specific Routes<\/h2>\n\n\n\n<p>In some cases, such as when developing APIs, you might need to disable CSRF protection for certain routes. This can be done by specifying the routes to exclude in the <code>VerifyCsrfToken<\/code> middleware:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#2f363c;color:#d3d7dd\">app\/Http\/Middleware\/VerifyCsrfToken.php<\/span><span role=\"button\" tabindex=\"0\" data-code=\"protected $except = [\n    'api\/*',\n];\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 
2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F97583\">protected<\/span><span style=\"color: #E1E4E8\"> $except <\/span><span style=\"color: #F97583\">=<\/span><span style=\"color: #E1E4E8\"> [<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    <\/span><span style=\"color: #9ECBFF\">'api\/*'<\/span><span style=\"color: #E1E4E8\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">];<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"example\">Complete Example of CSRF Protection<\/h2>\n\n\n\n<p>Now that we went over different parts of CSRF protection, let\u2019s look at a complete example: <\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#2f363c;color:#d3d7dd\">routes\/web.php<\/span><span role=\"button\" tabindex=\"0\" data-code=\"Route::post('\/submit-form', [FormController::class, 'submit']);\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 
16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #79B8FF\">Route<\/span><span style=\"color: #F97583\">::<\/span><span style=\"color: #B392F0\">post<\/span><span style=\"color: #E1E4E8\">(<\/span><span style=\"color: #9ECBFF\">'\/submit-form'<\/span><span style=\"color: #E1E4E8\">, [<\/span><span style=\"color: #79B8FF\">FormController<\/span><span style=\"color: #F97583\">::class<\/span><span style=\"color: #E1E4E8\">, <\/span><span style=\"color: #9ECBFF\">'submit'<\/span><span style=\"color: #E1E4E8\">]);<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#2f363c;color:#d3d7dd\">resources\/views\/form.blade.php<\/span><span role=\"button\" tabindex=\"0\" data-code=\"&lt;!DOCTYPE html&gt;\n&lt;html&gt;\n&lt;head&gt;\n    &lt;meta name=&quot;csrf-token&quot; content=&quot;{{ csrf_token() }}&quot;&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n    &lt;form method=&quot;POST&quot; action=&quot;\/submit-form&quot;&gt;\n        @csrf\n        &lt;input type=&quot;text&quot; name=&quot;name&quot; placeholder=&quot;Your Name&quot;&gt;\n        &lt;button type=&quot;submit&quot;&gt;Submit&lt;\/button&gt;\n    &lt;\/form&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg 
xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #E1E4E8\">&lt;!<\/span><span style=\"color: #85E89D\">DOCTYPE<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">html<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;<\/span><span style=\"color: #85E89D\">html<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;<\/span><span style=\"color: #85E89D\">head<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    &lt;<\/span><span style=\"color: #85E89D\">meta<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">name<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"csrf-token\"<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">content<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"<\/span><span style=\"color: #79B8FF\">{{<\/span><span style=\"color: #9ECBFF\"> <\/span><span style=\"color: #B392F0\">csrf_token<\/span><span style=\"color: #9ECBFF\">() <\/span><span style=\"color: #79B8FF\">}}<\/span><span style=\"color: #9ECBFF\">\"<\/span><span style=\"color: 
#E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;\/<\/span><span style=\"color: #85E89D\">head<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;<\/span><span style=\"color: #85E89D\">body<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    &lt;<\/span><span style=\"color: #85E89D\">form<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">method<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"POST\"<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">action<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"\/submit-form\"<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">        <\/span><span style=\"color: #F97583\">@csrf<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">        &lt;<\/span><span style=\"color: #85E89D\">input<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">type<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"text\"<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">name<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"name\"<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">placeholder<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"Your Name\"<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">        &lt;<\/span><span style=\"color: #85E89D\">button<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">type<\/span><span style=\"color: #E1E4E8\">=<\/span><span style=\"color: #9ECBFF\">\"submit\"<\/span><span style=\"color: 
#E1E4E8\">&gt;Submit&lt;\/<\/span><span style=\"color: #85E89D\">button<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    &lt;\/<\/span><span style=\"color: #85E89D\">form<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;\/<\/span><span style=\"color: #85E89D\">body<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">&lt;\/<\/span><span style=\"color: #85E89D\">html<\/span><span style=\"color: #E1E4E8\">&gt;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#2f363c;color:#d3d7dd\">app\/Http\/Controllers\/FormController.php<\/span><span role=\"button\" tabindex=\"0\" data-code=\"namespace App\\Http\\Controllers;\n\nuse Illuminate\\Http\\Request;\n\nclass FormController extends Controller\n{\n    public function submit(Request $request)\n    {\n        $name = $request-&gt;input('name');\n        return 'Form submitted by ' . 
$name;\n    }\n}\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F97583\">namespace<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">App\\Http\\Controllers<\/span><span style=\"color: #E1E4E8\">;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #F97583\">use<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">Illuminate\\Http\\Request<\/span><span style=\"color: #E1E4E8\">;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #F97583\">class<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">FormController<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #F97583\">extends<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #B392F0\">Controller<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    <\/span><span style=\"color: #F97583\">public<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #F97583\">function<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: 
#B392F0\">submit<\/span><span style=\"color: #E1E4E8\">(<\/span><span style=\"color: #79B8FF\">Request<\/span><span style=\"color: #E1E4E8\"> $request)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    {<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">        $name <\/span><span style=\"color: #F97583\">=<\/span><span style=\"color: #E1E4E8\"> $request<\/span><span style=\"color: #F97583\">-&gt;<\/span><span style=\"color: #B392F0\">input<\/span><span style=\"color: #E1E4E8\">(<\/span><span style=\"color: #9ECBFF\">'name'<\/span><span style=\"color: #E1E4E8\">);<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">        <\/span><span style=\"color: #F97583\">return<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #9ECBFF\">'Form submitted by '<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #F97583\">.<\/span><span style=\"color: #E1E4E8\"> $name;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">    }<\/span><\/span>\n<span class=\"line\"><span style=\"color: #E1E4E8\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>This example demonstrates how Laravel protects a simple form from CSRF attacks by verifying the CSRF token embedded in the form.<\/p>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"issues\">Common Issues and Troubleshooting<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Issue: TokenMismatchException<\/h3>\n\n\n\n<p>If you encounter a <code>TokenMismatchException<\/code>, it usually means the CSRF token is missing or invalid. 
Here are some steps to troubleshoot:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure the <code>@csrf<\/code> directive is included in your forms.<\/li>\n\n\n\n<li>Verify that your AJAX requests include the CSRF token in the headers.<\/li>\n\n\n\n<li>Check if the session is correctly initialized and does not expire prematurely.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Issue: Session Expiration<\/h3>\n\n\n\n<p>If your session expires, the CSRF token will be invalid. Make sure your session lifetime is set appropriately in the <code>config\/session.php<\/code> configuration file.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono-NL.ttf\" style=\"font-size:clamp(16px, 1rem, 24px);font-family:Code-Pro-JetBrains-Mono-NL,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:clamp(26px, 1.625rem, 39px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" data-code=\"'lifetime' =&gt; 120, \/\/ in minutes\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color: #24292e\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #9ECBFF\">'lifetime'<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: 
#F97583\">=&gt;<\/span><span style=\"color: #E1E4E8\"> <\/span><span style=\"color: #79B8FF\">120<\/span><span style=\"color: #E1E4E8\">, <\/span><span style=\"color: #6A737D\">\/\/ in minutes<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading toc-anchor\" id=\"conclusion\">Conclusion<\/h2>\n\n\n\n<p>CSRF protection is a vital security feature that helps prevent unauthorized actions on behalf of users. Laravel\u2019s built-in CSRF protection is easy to implement and provides a strong defense against CSRF attacks. By following the guidelines in this article, you can ensure your <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/\">Laravel<\/a> application is well-protected against these vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cross-Site Request Forgery (CSRF) is an attack in which unauthorized commands are transmitted from a user that the web application trusts. Laravel provides robust CSRF protection out of the box to help secure your application from such vulnerabilities. 
This article will guide you through the basics of CSRF, how Laravel protects against CSRF attacks, and<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57032,"featured_media":128464,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4486],"tags":[],"class_list":["post-128462","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-laravel"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Understanding CSRF Protection in Laravel | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"Learn how to implement and manage CSRF protection in Laravel to secure your web applications from Cross-Site Request Forgery attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding CSRF Protection in Laravel | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"Learn how to implement and manage CSRF protection in Laravel to secure your web applications from Cross-Site Request Forgery attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta 
property=\"article:published_time\" content=\"2024-07-30T14:35:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-30T14:35:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Derrell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Derrell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\"},\"author\":{\"name\":\"Derrell\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/0736f70b4077032374f89709cdc255b7\"},\"headline\":\"Understanding CSRF Protection in 
Laravel\",\"datePublished\":\"2024-07-30T14:35:14+00:00\",\"dateModified\":\"2024-07-30T14:35:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\"},\"wordCount\":625,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png\",\"articleSection\":[\"Laravel\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\",\"name\":\"Understanding CSRF Protection in Laravel | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png\",\"datePublished\":\"2024-07-30T14:35:14+00:00\",\"dateModified\":\"2024-07-30T14:35:16+00:00\",\"description\":\"Learn how to implement and manage CSRF protection in Laravel to secure your web applications from Cross-Site Request Forgery 
attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#primaryimage\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/csrf-protection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Understanding CSRF Protection in Laravel\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion 
Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/0736f70b4077032374f89709cdc255b7\",\"name\":\"Derrell\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/derrell-willis\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/derrellw\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","jetpack_featured_media_url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2024\/07\/Understanding-CSRF-Protection-in-Laravel0A.png","jetpack_sharing_enabled":true,"primary_category":{"id":4486,"name":"Laravel","slug":"laravel","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/laravel\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/128462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\
/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57032"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=128462"}],"version-history":[{"count":2,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/128462\/revisions"}],"predecessor-version":[{"id":128465,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/128462\/revisions\/128465"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media\/128464"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=128462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=128462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=128462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}