
Mior Muhammad Zaki Nov 10, 2014

On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team of a method of bypassing the CSRF verification in Laravel 4 applications.

From: Laravel Development Blog

To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:

Route::filter('csrf', 'Orchestra\Foundation\Filters\VerifyCsrfToken');

Note that the token comparison has been changed from a loose != comparison to a strict !== comparison, which also checks the type of the submitted value. This will prevent specially crafted JSON requests from bypassing the filter.
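As an added illustration (not code from this post or from the Orchestra Platform project), the script below models the token check the Laravel 4 'csrf' filter performs on a JSON body, before and after the change from != to !==. The function names, the session token and the request bodies are constructed for the demo; `hash_equals()` (PHP 5.6+) is an extra hardening step assumed here, not part of the patch described above.

```php
<?php
// Added example, not from the Orchestra Platform post or project.
// Models the Laravel 4 'csrf' route filter token check on a JSON request.

// Session token as Laravel would store it (constructed sample value).
const SESSION_TOKEN = 'XpN3lwq9sKJ2vQzR7yTb8uAhM0cDfGe1';

// Pre-patch check: loose comparison. PHP's != converts both operands to a
// common type first, so a non-string value decoded from a JSON body can
// compare "equal" to the real token without matching it.
function csrfMismatchLoose(string $sessionToken, $submitted): bool
{
    return $sessionToken != $submitted;
}

// Patched check: strict comparison also compares the type, so only the
// exact token string passes. hash_equals() (PHP 5.6+, assumed here) is
// layered on so the string comparison does not leak timing information;
// it requires string inputs, hence the is_string() guard.
function csrfMismatchStrict(string $sessionToken, $submitted): bool
{
    if (!is_string($submitted)) {
        return true;
    }
    return !hash_equals($sessionToken, $submitted);
}

// Decode a JSON body the way Input::get('_token') sees it: json_decode()
// preserves JSON types, so `_token` may arrive as a bool, number or array.
function tokenFromJsonBody(string $body)
{
    $data = json_decode($body, true);
    return (is_array($data) && array_key_exists('_token', $data))
        ? $data['_token'] : null;
}

// Constructed request bodies used to compare the two checks.
$bodies = [
    'correct token' => '{"_token":"XpN3lwq9sKJ2vQzR7yTb8uAhM0cDfGe1"}',
    'wrong string'  => '{"_token":"not-the-token"}',
    'boolean true'  => '{"_token":true}',
    'missing token' => '{}',
];

foreach ($bodies as $label => $body) {
    $token = tokenFromJsonBody($body);
    printf("%-14s loose rejects: %-4s strict rejects: %s\n", $label,
        csrfMismatchLoose(SESSION_TOKEN, $token) ? 'yes' : 'no',
        csrfMismatchStrict(SESSION_TOKEN, $token) ? 'yes' : 'no');
}
```

Only the 'boolean true' row differs between the two columns: the loose check lets it through because a non-empty string converts to true for the comparison, while the strict check rejects anything that is not the exact token string.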

You also need to update to orchestra/foundation version v2.1.14 or v2.2.8 to receive the security fixes for CSRF on the administration/backend interface.

If you are using the CSRF protection feature of Laravel/Orchestra Platform, it is recommended that you apply this patch immediately.