There is some option on Laravel that we allow Laravel to create a token and test it on server side to pull up CSRF attacks.
I found this on Laravel website, But didn't say how to check from Controller that is an attack or from a native and real page.
How to check the token (CSRF) on controller?
分享 Assuming you use laravel 4.x:
You don't need to check this in your controller. defining the before parameter tells laravel to check this automaticly.
Route::post('profile', array('before' => 'csrf', function(){
/* CSRF validated! */
}));
If you want to do something when the token is incorrect, you can change the filter in app/filters.php. This one:
Route::filter('csrf', function()
{
if (Session::token() != Input::get('_token'))
{
throw new Illuminate\Session\TokenMismatchException;
}
});
