What is Laravel basic routing - CSRF protection?


What is CSRF?

CSRF is an acronym for cross-site request forgery: the misuse of an authenticated user's access to perform actions that the user did not intend. It is also known as a one-click attack or session riding.

CSRF exploits the trust that a site has in a user's browser. In a CSRF attack, the attacker's goal is to cause the victim to submit a maliciously crafted web request to a website on which the victim has an authenticated session.

CSRF protection

Laravel makes it easy to guard against cross-site request forgeries. To protect the application against this attack, Laravel automatically generates a CSRF "token" for each active user session on the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.

If you are submitting a request from a form, you add the CSRF protection by including a hidden token field in the form, as shown below. The double curly braces are Blade templating syntax.

<input type="hidden" name="_token" value="{{ csrf_token() }}">

CSRF token verification is done automatically for the POST, PUT, or DELETE request methods by the VerifyCsrfToken HTTP middleware, which checks that the token in the request input matches the token stored in the session.

The middleware also inspects the X-CSRF-TOKEN request header. You can therefore also store the token in a meta tag and have it added as a header to every request (for example, every AJAX request) to protect against CSRF.

<meta name="csrf-token" content="{{ csrf_token() }}" />
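As an added example (not from the original page and not Laravel's own code), the following stand-alone PHP script mimics the verification described above for both the hidden form field and the meta-tag/header approach: one random token per session, a `_token` field or an `X-CSRF-TOKEN` header supplied by the request, a constant-time comparison against the session token, and checks only for state-changing methods. The function names and the shape of the `$session` and `$request` arrays are assumptions made for this illustration.

```php
<?php
// Added illustration of the check Laravel's VerifyCsrfToken middleware performs.
// This is NOT Laravel's code; issueToken, hiddenField, verifyCsrf and the
// array shapes of $session and $request are hypothetical.

declare(strict_types=1);

// Issue one random token per session (Laravel keeps a 40-character token in the session).
function issueToken(array &$session): string
{
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20)); // 40 hex characters
    }
    return $session['_token'];
}

// Equivalent of <input type="hidden" name="_token" value="{{ csrf_token() }}"> in Blade.
function hiddenField(string $token): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Decide whether a request passes the CSRF check.
// $request = ['method' => 'POST', 'input' => [...], 'headers' => [...]]
function verifyCsrf(array $session, array $request): bool
{
    // Read-only methods are not checked; only state-changing ones are.
    if (in_array(strtoupper($request['method']), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }

    // The token may arrive as the form field or as the header set from the meta tag.
    $supplied = $request['input']['_token']
        ?? $request['headers']['X-CSRF-TOKEN']
        ?? null;
    $expected = $session['_token'] ?? null;

    if (!is_string($supplied) || !is_string($expected) || $supplied === '') {
        return false;
    }

    // Constant-time comparison so a mismatch leaks no timing information.
    return hash_equals($expected, $supplied);
}

// Demo with constructed requests (sample data, not captured traffic).
$session = [];
$token   = issueToken($session);
echo hiddenField($token), PHP_EOL;

$cases = [
    'form post with token'     => ['method' => 'POST',   'input' => ['_token' => $token],           'headers' => []],
    'ajax put with header'     => ['method' => 'PUT',    'input' => [],                             'headers' => ['X-CSRF-TOKEN' => $token]],
    'forged post, no token'    => ['method' => 'POST',   'input' => ['amount' => '100'],            'headers' => []],
    'forged delete, bad token' => ['method' => 'DELETE', 'input' => ['_token' => str_repeat('a', 40)], 'headers' => []],
    'plain get'                => ['method' => 'GET',    'input' => [],                             'headers' => []],
];

foreach ($cases as $label => $request) {
    // Laravel answers a failed check with HTTP 419 (token mismatch).
    printf("%-25s => %s\n", $label, verifyCsrf($session, $request) ? 'allowed' : '419 rejected');
}
```

The two forged requests are rejected because a cross-site page cannot read the victim's session token and therefore cannot supply a matching `_token` field or `X-CSRF-TOKEN` header; the client-side part of the meta-tag approach is simply reading the meta tag's `content` attribute and sending it as that header on each AJAX request.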

In summary

CSRF protection is carried out elegantly in a Laravel application to prevent session riding, also known as a one-click attack.

This check runs before the route (Route::) hands the request to the view() or controller, ensuring that every request to the application comes solely from the end user who initiated it.
