Handle TokenMismatchExceptions

Submitted by etenzy - 2 years ago

Add the following lines to ./app/start/global.php, in the "Application Error Handler" section. There is no need to touch the "CSRF Protection Filter" at all.

App::error(function(Illuminate\Session\TokenMismatchException $exception, $code)
{
    /*
    |    Write to a specific log
    |    Or write the request information to the database for e.g. a firewall mechanism
    |    
    |    Or just:
    */
    
    $errors = [
        '_token' => [
            'Token tricking is very bad!'
        ]
    ];
    
    /**
     * Generate a new token for more security
     */
    Session::regenerateToken();

    /**
     * Redirect to the last step
     * Refill any old inputs except _token (it would override our new token)
     * Set the error message
     */
    return Redirect::back()->withInput(Input::except('_token'))->withErrors($errors);
});
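
The "write to a specific log" option mentioned in the handler's comment, as an added example that is not the original author's code. It is a variant that replaces the handler above in a Laravel 4 app. Assumptions: the log file name csrf.log, the 403 status for AJAX callers, and the form field names password and password_confirmation.

```php
<?php
// Added example for app/start/global.php (Laravel 4), not the original author's code.
// Assumed names: csrf.log, the 403 status, password / password_confirmation fields.

use Monolog\Logger;
use Monolog\Handler\StreamHandler;

App::error(function (Illuminate\Session\TokenMismatchException $exception, $code)
{
    // Dedicated channel so CSRF failures are not lost among other application errors.
    $log = new Logger('csrf');
    $log->pushHandler(new StreamHandler(storage_path().'/logs/csrf.log', Logger::WARNING));

    // Request metadata goes into the context array, which Monolog's default
    // line formatter JSON-encodes. Header values are client-controlled and
    // should not be concatenated into the message string.
    $log->addWarning('CSRF token mismatch', [
        'ip'         => Request::getClientIp(),
        'method'     => Request::method(),
        'url'        => Request::url(),
        'referer'    => Request::header('referer'),
        'user_agent' => Request::header('user-agent'),
        'user_id'    => Auth::check() ? Auth::user()->getAuthIdentifier() : null,
        // Field names only: submitted values may contain credentials.
        'fields'     => array_keys(Input::except('_token')),
    ]);

    // Issue a fresh token, as in the handler above.
    Session::regenerateToken();

    // XHR callers cannot follow a redirect back to a form; answer with JSON.
    if (Request::ajax()) {
        return Response::json(['error' => 'token_mismatch'], 403);
    }

    // Keep passwords out of the flashed session data when refilling the form.
    $old = Input::except('_token', 'password', 'password_confirmation');

    return Redirect::back()
        ->withInput($old)
        ->withErrors(['_token' => ['Your session token was invalid. Please submit the form again.']]);
});
```

A sudden rise of entries in csrf.log from one address or against one URL is the signal to review; occasional single entries are usually expired sessions.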
