CSRF Protection

Introduction

CSRF protection works very much as described in Laravel documentation. CSRF protection is on and global by default.

Form Integration

When using form builders the CSRF token is included automatically. When using custom form layouts you must use {{ form.open()|raw }} in order to retain this automatic functionality.

If for some reason you need to include the input yourself you can use the streams plugin to do so.

CSRF Plugin Functions

Bypassing CSRF Protection

You can exclude URIs from CSRF protection by adding it to the streams::security.csrf.except array or by route.

Excluding URIs from CSRF Protection via Configuration

Excluding URIs from CSRF Protection via Route Variables