laravel csrf-token in view - PHP

Last modified: 2023-12-03 15:17:12.400000    Author: Mango

Laravel CSRF-Token in View

CSRF (Cross-Site Request Forgery) is an attack in which a victim's authenticated session is abused to make a website perform an action the victim never intended: the browser attaches the session cookie to a request that another site triggered. This can lead to data theft, website defacement, and other serious consequences.

To prevent CSRF attacks in a Laravel application, Laravel provides a built-in CSRF protection mechanism. This mechanism involves generating a CSRF token for each user session and verifying this token for each request that modifies data in the application.

The CSRF token is a random string generated by Laravel that is unique to each user session. This token is then added to the HTML form as a hidden field, and it is also included in any AJAX requests made by the application.

To access the CSRF token in a Laravel view, you can use the csrf_token() helper function. This function returns the current user's CSRF token, which can be added to an HTML form as a hidden field or included in an AJAX request.

Here is an example of including the CSRF token in an HTML form:

<form method="POST" action="/some-route">
    @csrf
    <!-- other form fields go here -->
    <button type="submit">Submit Form</button>
</form>

In this example, the @csrf directive generates a hidden input field named _token whose value is the current CSRF token for the user's session.

Here is how you can access the CSRF token in a JavaScript code:

var csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');

In this example, the CSRF token is retrieved from a <meta> tag with the name csrf-token, which is automatically generated by Laravel in the application's main layout file. This tag includes the value of the current CSRF token for the user's session.
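The two delivery paths described on this page (the hidden _token field written by @csrf, and the token read from the <meta> tag and sent as the X-CSRF-TOKEN header) both end in the same server-side comparison. The following is an added, framework-free PHP model of that check, written for this page; it is not Laravel's own VerifyCsrfToken middleware, and the $session and request arrays, the function names, and the sample requests are constructed here. It assumes the layout declares the csrf-token meta tag and that only state-changing methods are verified, as the referenced docs describe.

```php
<?php
// Added example, not Laravel's own VerifyCsrfToken middleware: a minimal model of
// the check Laravel performs on state-changing requests, so the hidden _token
// field and the X-CSRF-TOKEN header can be exercised side by side.

declare(strict_types=1);

// Laravel keeps one token per session (40 random characters); here the session
// is just an array and the token comes from the CSPRNG.
function generateCsrfToken(): string
{
    return bin2hex(random_bytes(20)); // 40 hex characters
}

// Only methods that change state are checked. GET/HEAD/OPTIONS pass through,
// which is why a data-changing action must never be reachable via a GET route.
function isReadingMethod(string $method): bool
{
    return in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true);
}

// Lookup order mirrors the page: the _token form field (emitted by @csrf),
// then the X-CSRF-TOKEN header (set by JavaScript from the <meta> tag).
function tokenFromRequest(array $request): ?string
{
    $fromForm = $request['input']['_token'] ?? null;
    if (is_string($fromForm) && $fromForm !== '') {
        return $fromForm;
    }
    $fromHeader = $request['headers']['X-CSRF-TOKEN'] ?? null;
    return (is_string($fromHeader) && $fromHeader !== '') ? $fromHeader : null;
}

// Returns true when the request may proceed. hash_equals() gives a
// constant-time comparison, so the verdict leaks no timing information
// about the session token.
function csrfRequestAllowed(array $session, array $request): bool
{
    if (isReadingMethod($request['method'])) {
        return true;
    }
    $sessionToken = $session['_token'] ?? null;
    $requestToken = tokenFromRequest($request);

    return is_string($sessionToken)
        && is_string($requestToken)
        && hash_equals($sessionToken, $requestToken);
}

// Constructed sample data: the session below stands in for the user's session.
$session = ['_token' => generateCsrfToken()];

$requests = [
    // A form rendered with @csrf: token arrives in the _token field.
    'form-post'   => ['method' => 'POST',   'headers' => [],
                      'input' => ['_token' => $session['_token'], 'email' => 'user@example.test']],
    // An AJAX call that copied the <meta> value into the header.
    'ajax-post'   => ['method' => 'POST',   'headers' => ['X-CSRF-TOKEN' => $session['_token']],
                      'input' => []],
    // A request submitted from another site: the browser sends the session
    // cookie, but the other site cannot read the token, so none is present.
    'cross-site'  => ['method' => 'POST',   'headers' => [],
                      'input' => ['email' => 'other@example.test']],
    // A stale or guessed token of the right length but the wrong value.
    'wrong-token' => ['method' => 'DELETE', 'headers' => ['X-CSRF-TOKEN' => str_repeat('a', 40)],
                      'input' => []],
    // A read-only request is not subject to the check.
    'plain-get'   => ['method' => 'GET',    'headers' => [], 'input' => []],
];

foreach ($requests as $label => $request) {
    // Laravel answers a failed check with HTTP 419 (TokenMismatchException).
    printf("%-12s %s\n", $label,
        csrfRequestAllowed($session, $request) ? 'allowed' : 'rejected (419)');
}
```

Run it with `php csrf_check.php`; only form-post, ajax-post and plain-get are allowed. The cross-site case is the one the mechanism exists for: the browser supplies the session cookie automatically, but the token lives in the page markup and the session, which a request originating on another site cannot read or copy.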

By using Laravel's built-in CSRF protection mechanism and including the CSRF token in HTML forms and AJAX requests, you can significantly reduce the risk of your application being affected by CSRF attacks.

Reference: https://laravel.com/docs/8.x/csrf