You should be able to change the form field name in the form and then change the code filter.php function for how the token is checked.
Laravel seems to ignore the manual _token implementation in the form fields and re-add the value like so.
<form method="POST" action="http://localhost:8000/sessions" accept-charset="UTF-8">
<input name="_token" type="hidden" value="LOutMOYq80dZR15PUr5fOinoKPOgzeYTbA6dRgYn">
<input name="_token" type="hidden" value="121212">
<div>
<label for="email">Email:</label>
<input name="email" type="email" id="email">
</div>
<div>
<label for="password">Password</label>
<input name="password" type="password" value="" id="password">
</div>
<input type="submit">
</form>
Yes, I noticed that.
That means that in order to rename _token I must extend Form::open and do some magic there. Just to be clear, I intend to rename _token, NOT the token's value, using the same expire behavior as its value.
Any ideas if this is the right path and how to proceed?
This might be something to suggest as a pull request. To allow the changing of the "_token" name, pass in an optional var in the construct, that would default to _token, that could be used in the token function when the element is created. Problem would be the default CSRF filters, which also are set to use the _token, something to think about though.
Maybe doing the custom extending of the FormBuilder class and modifying the public function token() would work better.
You would need to overwrite the default form helper in blade to get it to use your custom one.
A couple of things I found that might help:
http://stackoverflow.com/questions/22884764/laravel-extend-form-class
I have found the following _token occurrences through Laravel:
\Illuminate\Session\Store.php:89 \Illuminate\Session\Store.php:559 \Illuminate\Session\Store.php:579
\Illuminate\Html\FormBuilder.php:181
I'm guessing one is the session handler and one is the form builder helper. But after looking at FormBuilder.php, I'm not sure if this is the right file that inserts the _token into the form.
Anyway, I think I'll have to extend both Store.php and FormBuilder.php as I was thinking of the following design pattern:
It's basically a dynamic double validation.
Easy solution: don't use Form::open(). Just manually write the open/close tags for the form, add your token field and then use the Form facade (if still needed at all) for the rest of the inputs?
:)
I can't really grasp the extend concept. What's up with the register function?
Check out my answer on Stack Overflow for a similar question: http://stackoverflow.com/questions/43169223/post-request-from-another-domain-results-tokenmismatchexception/43169355#43169355
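The approach suggested earlier in the thread (write the form tag by hand with a renamed hidden field, then change the CSRF filter to read that field), as an added example that is not code from any poster or from Laravel itself. It assumes a Laravel 4.1+ application on PHP 5.6+ (for `hash_equals`); the field name `_my_token` and the helper `renamed_csrf_field()` are hypothetical.

```php
<?php
// app/filters.php (assumed default location of the route filters in Laravel 4)

// Hypothetical replacement for the default "_token" field name.
define('CSRF_FIELD_NAME', '_my_token');

// Overrides the stock 'csrf' filter so it reads the renamed field.
// The token VALUE is still the session token, so it expires with the session
// exactly as before; only the name of the form field changes.
Route::filter('csrf', function ()
{
    $submitted = Input::get(CSRF_FIELD_NAME);
    $expected  = Session::token();

    // A missing field, or one submitted as an array (_my_token[]=x), must fail
    // closed instead of reaching the comparison as a non-string.
    if ( ! is_string($submitted) || ! is_string($expected) || $expected === '') {
        throw new Illuminate\Session\TokenMismatchException;
    }

    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were correct.
    if ( ! hash_equals($expected, $submitted)) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

// Helper for hand-written forms. Form::open() is not used here because, as
// shown in the thread, it always injects its own "_token" field.
function renamed_csrf_field()
{
    return '<input name="' . CSRF_FIELD_NAME . '" type="hidden" value="'
         . e(csrf_token()) . '">';
}

// In a Blade view (the action URL is the one from the thread's sample form):
//
//   <form method="POST" action="http://localhost:8000/sessions" accept-charset="UTF-8">
//       {{ renamed_csrf_field() }}
//       {{ Form::email('email') }}
//       {{ Form::password('password') }}
//       <input type="submit">
//   </form>
```

Any form still built with `Form::open()` keeps sending `_token`, which this filter no longer reads, so those forms fail the check until they are switched to the renamed field.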