check for validate csrf token

laravel · Apr 26, 2023 · f5bae61 · f5bae61 · andreladocruz · Apr 27, 2023
1 parent bbcb052
commit f5bae61
Showing 1 changed file with 27 additions and 12 deletions.
diff --git a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
@@ -19,18 +19,9 @@ public function handle($request, $next)
     {
         $this->configureSecureCookieSessions();
 
-        return (new Pipeline(app()))->send($request)->through(static::fromFrontend($request) ? array_values(array_unique([
-            function ($request, $next) {
-                $request->attributes->set('sanctum', true);
-
-                return $next($request);
-            },
-            config('sanctum.middleware.encrypt_cookies', \Illuminate\Cookie\Middleware\EncryptCookies::class),
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            config('sanctum.middleware.validate_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
-            config('sanctum.middleware.verify_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
-        ])) : [])->then(function ($request) use ($next) {
+        return (new Pipeline(app()))->send($request)->through(
+            static::fromFrontend($request) ? $this->frontendMiddleware() : []
+        )->then(function ($request) use ($next) {
             return $next($request);
         });
     }
@@ -48,6 +39,30 @@ protected function configureSecureCookieSessions()
         ]);
     }
 
+    /**
+     * Get the middleware that should be applied to requests from the "frontend".
+     *
+     * @return array
+     */
+    protected function frontendMiddleware()
+    {
+        $middleware = array_values(array_unique([
+            config('sanctum.middleware.encrypt_cookies', \Illuminate\Cookie\Middleware\EncryptCookies::class),
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            config('sanctum.middleware.validate_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
+            config('sanctum.middleware.verify_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
+        ]));
+
+        array_unshift($middleware, function ($request, $next) {
+            $request->attributes->set('sanctum', true);
+
+            return $next($request);
+        });
+
+        return $middleware;
+    }
+
     /**
      * Determine if the given request is from the first-party application frontend.
      *