Why we use CSRF token in Laravel

Posted By Bajarangi soft, Posted On 15-01-2021

Cross-Site Request Forgery (CSRF) is a type of attack in which the attacker causes requests to be sent to a system on behalf of an authorized user whom the system trusts. Laravel protects against CSRF attacks by generating a CSRF token. This token is generated automatically for each user; it is nothing but a random string that the Laravel application manages and uses to verify the user's requests.

CSRF token in Laravel

How to Use: This CSRF token protection can be applied to any HTML form in a Laravel application by adding a hidden form field that carries the CSRF token. The requests are then validated automatically by the VerifyCsrfToken middleware.

There are three different ways in which you can do this.

  1. @csrf
  2. csrf_field()
  3. csrf_token()

@csrf: This is a Blade template directive that generates the hidden input field in the HTML form.

Syntax
<form method="POST">
  @csrf  {{-- Generate hidden input field --}}
  .....
  .....
</form>
Example

<!DOCTYPE html> 
<html> 
    <head> 
        <title>Laravel | CSRF Protection</title> 
    </head> 
    <body> 
        <section> 
            <h1>CSRF Protected HTML Form</h1> 
            <form method="POST"> 
                @csrf 
                
                <input type="text" name="username"
                                            placeholder="Username"> 
                <input type="password" name="password"
                                            placeholder="Password"> 
                <input type="submit" name="submit" value="Submit"> 
            </form> 
        </section> 
    </body> 
</html>

csrf_field(): This function generates the hidden input field in the HTML form.

Note: This function should be written inside double curly braces.

Syntax
<form method="POST">
  {{-- Generate hidden input field --}}
  {{ csrf_field() }}
  .....
  .....
</form>
Example

<!DOCTYPE html> 
<html> 
    <head> 
        <title>Laravel | CSRF Protection</title> 
    </head> 
    <body> 
        <section> 
            <h1>CSRF Protected HTML Form</h1> 
            <form method="POST"> 
                {{ csrf_field() }} 
                
                <input type="text" name="username"
                                    placeholder="Username"> 
                <input type="password" name="password"
                                    placeholder="Password"> 
                <input type="submit" name="submit"
                                            value="Submit"> 
            </form> 
        </section> 
    </body> 
</html>

csrf_token(): This function returns only the token string (the random string itself); it does not generate the hidden input field.

Note: The hidden HTML input field named _token must be written explicitly, and the function should be written inside double curly braces.

Syntax
<form method="POST">
  <input type="hidden" name="_token" value="{{ csrf_token() }}">
  .....
  .....
</form>
Example
<!DOCTYPE html> 
<html> 
    <head> 
        <title>Laravel | CSRF Protection</title> 
    </head> 
    <body> 
        <section> 
            <h1>CSRF Protected HTML Form</h1> 
            <form method="POST"> 
                <input type="hidden" name="_token" value="{{ csrf_token() }}"> 
                
                <input type="text" name="username"
                                placeholder="Username"> 
                <input type="password" name="password"
                                placeholder="Password"> 
                <input type="submit" name="submit"
                                        value="Submit"> 
            </form> 
        </section> 
    </body> 
</html>
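All three forms above submit the same hidden _token field; what the VerifyCsrfToken middleware then does with it is illustrated by the stand-alone PHP script below. This is an added example, not Laravel's own middleware source: the token generator is a stand-in for the framework's Str::random(40), and the sample session and POST bodies are constructed.

```php
<?php
// Stand-in for the framework's 40-character session token (assumption: Laravel
// uses Str::random(40); this hex variant only mirrors the length and randomness).
function generateCsrfToken(): string {
    return substr(bin2hex(random_bytes(30)), 0, 40);
}

// The middleware's decision, mirrored: both the session token and the submitted
// token must be strings, and they must match in constant time (hash_equals),
// so a missing, malformed or foreign token is rejected.
function tokensMatch(?string $sessionToken, ?string $requestToken): bool {
    return is_string($sessionToken)
        && is_string($requestToken)
        && hash_equals($sessionToken, $requestToken);
}

// Read the hidden _token field that @csrf, csrf_field() or csrf_token() rendered.
function tokenFromRequest(array $post): ?string {
    return isset($post['_token']) && is_string($post['_token']) ? $post['_token'] : null;
}

// Constructed sample: one server-side session and three POST bodies.
$session = ['_token' => generateCsrfToken()];

$requests = [
    'form rendered with @csrf'            => ['username' => 'alice', '_token' => $session['_token']],
    'cross-site form without _token'      => ['username' => 'alice'],
    'form carrying another session token' => ['username' => 'alice', '_token' => generateCsrfToken()],
];

foreach ($requests as $label => $post) {
    $ok = tokensMatch($session['_token'], tokenFromRequest($post));
    // Laravel answers a failed check with HTTP 419 (Page Expired).
    printf("%-38s -> %s\n", $label, $ok ? '200 accepted' : '419 Page Expired');
}
```

Only the first request passes; the other two are what a forged cross-site submission looks like to the server, since the attacking page cannot read the victim's session token.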
