Been looking into laravel lately, and trying to figure out the CSRF protection that they have. However, i can't get it work. Is there any way i can validate all post request submitted, with the CSRF filter? I've seen that the laravel system has:
App::before(function($request)
{
//
});
How would i be able to use this with the CSRF filter? Been trying a few different things like
App::before(function($request)
{
Route::filter('csrf','post');
});
But i'm probably way off here.. how would this work? or is it even possible doing it this way?
You can use route groups. This will apply the specified options to any routes defined in a group:
Route::group(array('before' => 'csrf'), function()
{
Route::post('/', function()
{
// Has CSRF Filter
});
Route::post('user/profile', function()
{
// Has CSRF Filter
});
Route::post(....);
});
For certain routes, or if grouping isn't what you want, you can also use a pattern filter:
//all routes beginning with admin, sent via a post http request will use the csrf filter
Route::when('admin/*', 'csrf', array('post'));
NOTE: this code would go in your routes.php file