/**
 * Whether this form was submitted together with a CSRF token that validates
 * against the form's intent.
 *
 * The parent's submission check runs first; the token is only consulted when
 * that check passes and a `_csrf` POST field is present. The result of
 * Csrf::check() is returned unchanged.
 *
 * @return bool
 */
function submitted()
{
    // Short-circuit: without a base-class submission there is nothing to verify.
    if (!parent::submitted()) {
        return false;
    }

    // A missing token field is treated as "not submitted" rather than as an error.
    if (!isset($_POST['_csrf'])) {
        return false;
    }

    return Csrf::check($_POST['_csrf'], $this->intent);
}
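/**
 * Admin actions
 *
 * Named actions attached to admin routes: `auth` requires a logged-in user,
 * `guest` requires that nobody is logged in, and `csrf` validates the token
 * submitted with a POST request.
 */
Route::action('auth', function () {
    // Anonymous visitors are sent to the login page.
    if (Auth::guest()) {
        return Response::redirect('admin/login');
    }
});

Route::action('guest', function () {
    // Already-authenticated users are sent to the admin home instead.
    if (Auth::user()) {
        return Response::redirect('admin/accueil');
    }
});

Route::action('csrf', function () {
    // Strict comparison: 'POST' is a plain string, so === avoids loose-equality rules.
    // NOTE(review): only POST is verified here; if any admin route accepts other
    // state-changing methods (PUT/PATCH/DELETE) they would pass unchecked — confirm.
    if (Request::method() === 'POST') {
        if (!Csrf::check(Input::get('token'))) {
            Notify::error(['Invalid token']);

            return Response::redirect('admin/login');
        }
    }
});

/**
 * Admin routing
 *
 * The bare `admin` URL is never rendered; it forwards to login or to the
 * admin home depending on authentication state.
 */
Route::get('admin', function () {
    if (Auth::guest()) {
        return Response::redirect('admin/login');
    }

    return Response::redirect('admin/accueil');
});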
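/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
    // Safe, read-only methods carry no token and are not checked. HEAD is
    // skipped alongside GET and OPTIONS: a HEAD request has no body to carry
    // a token in, so checking it would only reject legitimate requests.
    // NOTE(review): assumes Request::isMethod('get') does not already cover
    // HEAD — confirm against the framework's Request implementation.
    if (Request::isMethod('get') || Request::isMethod('head') || Request::isMethod('options')) {
        return;
    }

    // Throws an exception if the token is invalid; nothing to return on success.
    Csrf::check();
});

/*
|--------------------------------------------------------------------------
| X-Frame-Options Header Filter
|--------------------------------------------------------------------------
|
| Prevents pages being loaded in an iframe.
|
*/
Route::filter('setXFrameOptionsHeader', function ($route, $request, $response) {
    // Only responses exposing header() are decorated; any other value returned
    // by the route (e.g. a plain string) is left untouched.
    if (method_exists($response, 'header')) {
        $response->header('X-Frame-Options', 'deny');
    }
});
/*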