Laravel | CSRF Protection

Laravel protects against CSRFattacks by generating a CSRF token . This CSRF tokenis generated automatically for each user. This token - is nothing more than a random string that is manipulated by the Laravel application to validate custom requests.How to use:this CSRF token protection can be applied to any HTML form in the Laravel application by specifying a hidden CSRF token form field. Requests are automatically validatedby the CSRF middleware VerifyCsrfToken .There are three different ways to do this.

@csrf

csrf_field()

csrf_token()

@csrf:is a blade template directive to generate a hidden input field in an HTML form.

• Syntax:

  < form method = "POST" > @csrf // Generate hidden input field ..... ..... < / form > 

• Example : < html > < head > < title > Laravel | CSRF Protection < / title > < / head > < body > < section > < h1 > CSRF Protected HTML Form < / h1 > < form method = "POST" > @ csrf < input type = "text" name = "username" placeholder = " Username " > < input type = "password" name = "password" placeholder = "Password" > < input type = "submit" name = "submit" value = "Submit" > < / form > < / section > < / body > < / html >

csrf_field(): this function can be used to create a hidden input field in an HTML form.Note:this function must be written inside double curly braces.

• Syntax:

  < form method = "POST" < // Generate hidden input field {{csrf_field()}} ..... ..... < / form > 

• Example: < html > < head > < title > Laravel | CSRF Protection < / title > < / head > < body > < section > < h1 > CSRF Protected HTML Form < / h1 > < form method = "POST" > {{csrf_field()}} < input type = "text" name = "username" placeholder = "Username" > < input type = "password" name = "password" placeholder = "Password" > < input type = "submit" name = "submit" value = "Submit" > < / form > < / section > < / body > < / html >

csrf_token(): this function just produces a random string. This function does not generate a hidden input field.Note:HTML input must be written explicitly. This function must be written inside double curly braces.

• Syntax:

  < form method = "POST" >  ..... ..... < / form > 

• Example : < html > < head > < title > Laravel | CSRF Protection < / title > < / head > < body > < section > < h1 > CSRF Protected HTML Form < / h1 > < form method = "POST" > < input type = "hidden" name = "_ token" value = "{{csrf_token()}}" > < input type = "text" name = "username" placeholder = "Username" > < input type = "password" name = "password" placeholder = "Password" > < input type = "submit" name = "submit" value = "Submit" > < / form > < / section > < / body > < / html >

Output data: the output will be the same for any of the above three ways to generate a CSRF token. The CSRF token field must be written / generated at the beginning of every HTML form in any of three ways in a Laravel application. Check element output: Link: https://laravel.com/docs/6.x/csrf