Laravel Sanctum GET csrf token #34924
I was reading through the Laravel Sanctum docs and it looks like for a SPA, they recommend using a GET request to get the CSRF token. Is that secure? It seems like it defeats the purpose of a CSRF token because one could just make a GET request, obtain the token and then attach it to a POST request. I'm not 100% sure about this but it seems like the CSRF token should be put into the HTML of the SPA upon first page request. That's how I understand CSRF tokens working securely. Any answers are appreciated!
This is the same as getting the token with a GET request, since that IS what that is too, it's just in the HTML. ;)
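An added example, not part of the original discussion and not Sanctum's code: a toy Node.js model of a session-bound CSRF token check, showing what a token fetched with GET does and does not allow. The session ids, the `x-xsrf-token` header name as used here, and all function names are assumptions of the model.

```javascript
// Added illustration: a toy model, not Laravel or Sanctum source code.
const crypto = require("node:crypto");

// Server-side state: session id -> CSRF token minted for that session.
const sessions = new Map();

// Models the GET endpoint: mint a token bound to the caller's own session.
function issueCsrfToken(sessionId) {
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(sessionId, token);
  return token;
}

// Models the check on a state-changing request: the header must match the
// token stored for the session named by the cookie (constant-time compare).
function verifyStateChange(req) {
  const expected = sessions.get(req.cookies.session);
  const supplied = req.headers["x-xsrf-token"];
  if (!expected || typeof supplied !== "string") return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function demo() {
  // Constructed session ids.
  const userToken = issueCsrfToken("sess-user");
  const otherToken = issueCsrfToken("sess-other");
  return {
    // Same-origin SPA: it can read the GET response, so it can echo the token.
    spa: verifyStateChange({
      cookies: { session: "sess-user" },
      headers: { "x-xsrf-token": userToken },
    }),
    // Cross-site form post: the browser attaches the cookie, but the foreign
    // page cannot read the user's token (same-origin policy), so no header.
    crossSiteNoHeader: verifyStateChange({
      cookies: { session: "sess-user" }, headers: {},
    }),
    // A token fetched by someone else is bound to their session, not the user's.
    crossSiteOwnToken: verifyStateChange({
      cookies: { session: "sess-user" },
      headers: { "x-xsrf-token": otherToken },
    }),
  };
}

console.log(demo());
```

The model assumes the server does not allow credentialed cross-origin reads through its CORS configuration; if it did, the second case would no longer hold.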