
tweaks CSRF filter.

Taylor Otwell 10 years ago
parent
commit
4d0de14b45
1 changed files with 14 additions and 3 deletions
  1. 14 3
      app/Http/Middleware/CsrfMiddleware.php

+ 14 - 3
app/Http/Middleware/CsrfMiddleware.php

@@ -15,12 +15,23 @@ class CsrfMiddleware implements Middleware {
 	 */
 	public function handle($request, Closure $next)
 	{
-		if ($request->session()->token() != $request->input('_token'))
+		if ($request->method == 'GET' || $this->tokensMatch($request))
 		{
-			throw new TokenMismatchException;
+			return $next($request);
 		}
 
-		return $next($request);
+		throw new TokenMismatchException;
+	}
+
+	/**
+	 * Determine if the session and input CSRF tokens match.
+	 *
+	 * @param  \Illuminate\Http\Request  $request
+	 * @return bool
+	 */
+	protected function tokensMatch($request)
+	{
+		return $request->session()->token() != $request->input('_token');
 	}
 
 }
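Review bot: `tokensMatch()` returns the result of `!=`, so it is true when the session and input tokens differ. `handle()` therefore forwards non-GET requests that carry a wrong or missing `_token` and throws `TokenMismatchException` for requests with the correct one. The return should be an equality test, `return $request->session()->token() === $request->input('_token');`, preferably through a constant-time comparison such as `hash_equals()` on string-cast values where the supported PHP version provides it. Separately, the exemption on the `if` line reads `$request->method` as a property. The Request class is not visible in this hunk, but if property access falls back to request input then the client would decide whether the check runs, and `$request->method() === 'GET'` looks like the intent. A test asserting that a POST with a mismatched token raises the exception would catch both problems.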