CSRF Protection
Introduction
CSRF protection works very much as described in Laravel documentation. CSRF protection is on and global by default.
Form Integration
When using form builders the CSRF token is included automatically. When using custom form layouts you must use {{ form.open()|raw }}
in order to retain this automatic functionality.
If for some reason you need to include the input yourself you can use the streams plugin
to do so.
CSRF Plugin Functions{.link}
Bypassing CSRF Protection
You can exclude URIs from CSRF protection by adding it to the streams::security.csrf.except
array or by route.
Excluding URIs from CSRF Protection via Configuration{.link}
Excluding URIs from CSRF Protection via Route Variables{.link}