7

I need to post a search form from classic asp to a laravel route. I can get the csrf token from the cookie, if there is one and put it into the form, but I don't know what to do if there is no csrf cookie?

Should I open laravel route that returns new csrf token or is that a security risk?

Is the only other option to remove the route I need to post to from csrf validation?

Improve this question
5
  • 1
    Are you saying you're trying to send a post request to a Laravel app from a separate ASP.NET website? Commented Nov 3, 2015 at 18:27
  • @Bogdan yes, from a classic asp page... Commented Nov 9, 2015 at 13:29
  • if you want you can disable csrf token stackoverflow.com/questions/37806762/… Commented Dec 28, 2018 at 10:13
  • This kind of defeats the purpose of using the CSRF tokens, no? Commented Jan 24, 2019 at 17:07
  • Since you are making a cross-site request (from asp to laravel), it doesn't make sense that you use CSRF protection for this purpose. Commented Jan 31, 2019 at 13:11

2 Answers 2

Reset to default
2

You can disable CSRF protection for specific route in VerifyCsrfToken middleware, you will find $protected $except array you can add the routes that will not be checked for CSRF Token

/**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        // for example
        "form/route"
    ];
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Create an API endpoint using something like tymondesigns/jwt-auth. You would then request a token first then submit your form to the API endpoint with the token.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.