CSRF Protection: CSRF token

CSRF token

This token is used to verify that the authenticated user is the one actually making the requests to the application.

<form method="POST" action="https://laravel.com/profile">
    @csrf
    ...
</form>
  • You may use the @csrf Blade directive to generate the token field.
  • By default, the resources/js/bootstrap.js file registers the value of the csrf-token meta tag with the Axios HTTP library. If you are not using this library, you will need to manually configure this behavior for your application.
  • Laravel automatically generates a CSRF "token" for each active user session managed by the application.

CSRF Tokens & JavaScript

By default, the resources/js/bootstrap.js file registers the value of the csrf-token meta tag with the Axios HTTP library.
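
One way to configure this manually when Axios is not in use, as an added example that is not from the original page or from Laravel's own code: a wrapper around fetch that reads the csrf-token meta tag and sends it in the X-CSRF-TOKEN header, which Laravel's CSRF middleware accepts, on same-origin state-changing requests only. The helper names (readCsrfToken, buildHeaders, createCsrfFetch) are hypothetical.

```javascript
// Added example (hypothetical helper names): send Laravel's CSRF token
// with same-origin, state-changing requests when Axios is not used.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Read the token from <meta name="csrf-token" content="...">.
// Fail loudly if the layout forgot the tag, instead of sending "null".
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute("content") : null;
  if (!token) throw new Error("csrf-token meta tag is missing or empty");
  return token;
}

// Build the headers for one request. The token is added only when the
// request changes state AND targets our own origin, so it is never
// disclosed to a third-party host.
function buildHeaders(url, method, headers, token, appOrigin) {
  const out = { ...headers };
  const target = new URL(url, appOrigin); // resolves relative URLs
  const unsafe = !SAFE_METHODS.has(method.toUpperCase());
  if (unsafe && target.origin === appOrigin) {
    out["X-CSRF-TOKEN"] = token;
  }
  return out;
}

// Wrap a fetch implementation; doc and fetchImpl are injected so the
// wrapper can be exercised outside a browser.
function createCsrfFetch(doc, fetchImpl, appOrigin) {
  return function csrfFetch(url, options = {}) {
    const method = options.method || "GET";
    const headers = buildHeaders(
      url, method, options.headers || {}, readCsrfToken(doc), appOrigin);
    return fetchImpl(url, { ...options, method, headers, credentials: "same-origin" });
  };
}

// Browser wiring (skipped when no DOM is present).
if (typeof document !== "undefined" && typeof window !== "undefined") {
  window.csrfFetch = createCsrfFetch(
    document, window.fetch.bind(window), window.location.origin);
}
```

The token is read on every call rather than cached, so a page that refreshes the meta tag after the session token rotates keeps working.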
