Enable CSRF for specific GET requests


#1

How can I enable protection from CSRF for specific addresses?
For example, the user navigates through the / logout? _csrf = … link and then logout (GET query).

As I understand it, Shield changes the token after it checks that everything is working. The following middleware can not get, but the global middleware does not suit me, it will check all requests. Is there a way to solve this problem? Thank you

(Google translate :grinning:)


#2

It seems I have found a way to solve this problem. And now I do not consider this a problem.

const csrf = new (use('csrf'))()
/**
* And then need do this condition
*/

if (csrf.verify(session.get('csrf-secret'), request.input('_token'))) {
  /*Do comething */
}