Support the ongoing development of Laravel.io →
Security Session Forms
Last updated 7 months ago.
0

I cannot think of any downfall in this case. But I prefer to put in in the head as meta tag.

Last updated 7 months ago.
0

Yea, I have a meta tag in the master view for my apps so the csrfToken is always available. Most of my app a using ajax calls, so my JS yanks the meta value into a top level property in my app js module that can be accessed anywhere in my code.

I don't really see a down fall to having it in there. It changes every reload so I don't think there is a major security concern with it. Who knows though, maybe there is, but for now I think it's fine.

This is whats in the head of my master template:

<meta name="csrf_token" content="{{ csrf_token() }}">
Last updated 7 months ago.
0

so on your ajax calls you just define

data: { csrf_token: $('[name="csrf_token"]').attr('content') }
Last updated 7 months ago.
0

I just posted a question to Stack Overflow (http://stackoverflow.com/q/41596534/96233) about adding a

<script>
    var csrfToken = {{ tokenValue }}
</script>

in a Go server. I can't think of any security issues with this, but I am not a security expert.

0

Sign in to participate in this thread!

LaraJobs

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.