This is aimed more specifically at AJAX forms. It basically grabs the token and includes it in the headers when you submit a request via AJAX.
Laravel automatically generates a CSRF token for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.
In addition to checking for the CSRF token as a POST parameter, the VerifyCsrfToken middleware also checks the X-CSRF-TOKEN request header. That is why this meta tag exists:
<meta name="csrf-token" content="{{ csrf_token() }}">
Once the meta tag has been created, you can instruct a library such as jQuery to automatically add the token to all request headers. This provides simple and convenient CSRF protection for your AJAX-based applications:
// Send the token from the meta tag as a header on every jQuery AJAX request
$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});
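The same meta-tag approach without jQuery, as an added example that is not part of the original answer: it attaches X-CSRF-TOKEN only to same-origin, state-changing requests, so the token is never sent to another host. The helper names (readCsrfToken, csrfHeadersFor, csrfFetch) are hypothetical, and options.headers is assumed to be a plain object.

```javascript
// Added example; function names are hypothetical, not Laravel or jQuery APIs.
// Methods that Laravel's VerifyCsrfToken middleware treats as read-only.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Read the token from <meta name="csrf-token" content="...">.
// `doc` is the page's document (or any object exposing querySelector).
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute('content') : null;
  if (!token) {
    // Fail loudly: a missing tag would otherwise surface as an opaque 419 response.
    throw new Error('csrf-token meta tag missing or empty');
  }
  return token;
}

// Decide which extra headers a request should carry.
// The token is added only when the resolved URL has the page's own origin
// and the method changes state.
function csrfHeadersFor(url, method, token, pageOrigin) {
  const target = new URL(url, pageOrigin); // resolves relative and // URLs
  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  const stateChanging = !SAFE_METHODS.has(String(method || 'GET').toUpperCase());
  return sameOrigin && stateChanging ? { 'X-CSRF-TOKEN': token } : {};
}

// Browser-side wrapper around fetch() that uses the two helpers above.
function csrfFetch(url, options = {}) {
  const extra = csrfHeadersFor(
    url,
    options.method,
    readCsrfToken(document),
    window.location.origin
  );
  return fetch(url, {
    ...options,
    credentials: 'same-origin', // session cookie goes only to our own origin
    headers: { ...options.headers, ...extra },
  });
}
```

In a page, call `csrfFetch('/posts', { method: 'POST', body: formData })` in place of `fetch`.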