|
|
@@ -17,7 +17,7 @@ class VerifyCsrfToken implements Middleware {
|
|
|
*/
|
|
|
public function handle($request, Closure $next)
|
|
|
{
|
|
|
- if ($request->method() == 'GET' || $this->tokensMatch($request))
|
|
|
+ if ($this->isReadOnly($request) || $this->tokensMatch($request))
|
|
|
{
|
|
|
return $next($request);
|
|
|
}
|
|
|
@@ -36,4 +36,15 @@ class VerifyCsrfToken implements Middleware {
|
|
|
return $request->session()->token() == $request->input('_token');
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * Determine if the HTTP request uses a ‘read’ verb.
|
|
|
+ *
|
|
|
+ * @param \Illuminate\Http\Request $request
|
|
|
+ * @return bool
|
|
|
+ */
|
|
|
+ protected function isReadOnly($request)
|
|
|
+ {
|
|
|
+ return in_array($request->method(), ['GET', 'OPTIONS']);
|
|
|
+ }
|
|
|
+
|
|
|
}
|
Michaël Lecerf