
Prevent TokenMismatchException for HTTP OPTIONS requests

`OPTIONS` HTTP requests should be treated in the same way as `GET` requests by the `VerifyCsrfToken` middleware. Otherwise, an exception is thrown, preventing any `OPTIONS` route from working.
Michaël Lecerf 10 years ago
parent
commit
70d516b7ce
1 changed files with 12 additions and 1 deletions
  1. 12 1
      app/Http/Middleware/VerifyCsrfToken.php

+ 12 - 1
app/Http/Middleware/VerifyCsrfToken.php

@@ -17,7 +17,7 @@ class VerifyCsrfToken implements Middleware {
 	 */
 	public function handle($request, Closure $next)
 	{
-		if ($request->method() == 'GET' || $this->tokensMatch($request))
+		if ($this->isReadOnly($request) || $this->tokensMatch($request))
 		{
 			return $next($request);
 		}
@@ -36,4 +36,15 @@ class VerifyCsrfToken implements Middleware {
 		return $request->session()->token() == $request->input('_token');
 	}
 
+	/**
+	 * Determine if the HTTP request uses a ‘read’ verb.
+	 *
+	 * @param  \Illuminate\Http\Request  $request
+	 * @return bool
+	 */
+	protected function isReadOnly($request)
+	{
+		return in_array($request->method(), ['GET', 'OPTIONS']);
+	}
+
 }
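Review bot: `isReadOnly()` lists only `GET` and `OPTIONS`, so a `HEAD` request, the other verb that is conventionally read-only, still falls through to `tokensMatch()` and would hit the same TokenMismatchException this commit removes for `OPTIONS`; the lookup is also loose because `in_array` is called without its strict flag. Suggested line: `return in_array($request->method(), ['HEAD', 'GET', 'OPTIONS'], true);`. The docblock should also state the assumption that makes the exemption safe, for example `Routes answering these verbs must not change state, because they bypass CSRF verification.` Separately, the context line in `tokensMatch()` (whose body starts outside the hunk) compares the session token to the input with `==`, which type-juggles and is not constant-time; a strict, timing-safe comparison such as `hash_equals()` on values already checked to be strings would be sturdier, if the supported PHP version provides it.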