1 | <?php |
||
2 | |||
3 | namespace App\Http\Middleware; |
||
4 | |||
5 | use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware; |
||
6 | use \Symfony\Component\HttpFoundation\Cookie; |
||
7 | |||
8 | class VerifyCsrfToken extends Middleware |
||
9 | { |
||
10 | /** |
||
11 | * Indicates whether the XSRF-TOKEN cookie should be set on the response. |
||
12 | * |
||
13 | * @var boolean |
||
14 | */ |
||
15 | protected $addHttpCookie = false; |
||
16 | |||
17 | /** |
||
18 | * The URIs that should be excluded from CSRF verification. |
||
19 | * |
||
20 | * @var array |
||
21 | */ |
||
22 | protected $except = [ |
||
23 | ]; |
||
24 | |||
25 | /** |
||
26 | * OVERRIDE to make adding XSRF-TOKEN cookie optional |
||
27 | * |
||
28 | * Add the CSRF token to the response cookies. |
||
29 | * |
||
30 | * @param \Illuminate\Http\Request $request Incoming request. |
||
31 | * @param \Symfony\Component\HttpFoundation\Response $response Outgoing response. |
||
32 | * @return \Symfony\Component\HttpFoundation\Response |
||
33 | */ |
||
34 | protected function addCookieToResponse($request, $response) |
||
35 | { |
||
36 | if ($this->addHttpCookie) { |
||
37 | $config = config('session'); |
||
0 ignored issues
–
show
Bug
introduced
by
![]() |
|||
38 | $response->headers->setCookie( |
||
39 | new Cookie( |
||
40 | 'XSRF-TOKEN', |
||
41 | $request->session()->token(), |
||
42 | $this->availableAt(60 * $config['lifetime']), |
||
43 | $config['path'], |
||
44 | $config['domain'], |
||
45 | $config['secure'], |
||
46 | false, |
||
47 | false, |
||
48 | $config['same_site'] ?? null |
||
49 | ) |
||
50 | ); |
||
51 | } |
||
52 | return $response; |
||
53 | } |
||
54 | } |
||
55 |