We're using Laravel 5.3's built-in CSRF protection via the {{ csrf_field() }} method.
When we've been running security scans that are obviously failing, the server is returning a 500 Internal Server Error.
However, this isn't actually a server error - as it is the client sending bad information - thus it should fall into the 400 Error range.
I've done a small bit of digging and can't quite see how it actually returns the 500.
Would anybody be able to suggest how to change this response to something else?
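
One way to get a 4xx response here, as an added example that is not part of the original post: in Laravel 5.3 a failed CSRF check throws `Illuminate\Session\TokenMismatchException`, which is not an HTTP exception, so the default exception handler renders it as a 500. The sketch below catches it in the application's own `VerifyCsrfToken` middleware; the 403 status, the log message and the response bodies are assumptions chosen for illustration.

```php
<?php
// app/Http/Middleware/VerifyCsrfToken.php (added example, not the poster's code)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
use Illuminate\Session\TokenMismatchException;
use Illuminate\Support\Facades\Log;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * URIs excluded from CSRF verification (left empty here).
     */
    protected $except = [];

    /**
     * Run the framework's CSRF check, but turn a failed check into a
     * client-error response instead of letting the exception bubble up.
     */
    public function handle($request, Closure $next)
    {
        try {
            return parent::handle($request, $next);
        } catch (TokenMismatchException $e) {
            // Record the rejection so scans and forged requests stay visible
            // in the application log.
            Log::warning('CSRF token mismatch', [
                'ip'     => $request->ip(),
                'method' => $request->method(),
                'path'   => $request->path(),
            ]);

            // Assumption: 403 is the status wanted; any 4xx code works here.
            if ($request->expectsJson()) {
                return response()->json(['error' => 'CSRF token mismatch.'], 403);
            }

            return response('CSRF token missing or invalid.', 403);
        }
    }
}
```

The same mapping can instead be done in the `render()` method of `App\Exceptions\Handler` by checking for `TokenMismatchException` before calling `parent::render()`.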