[1.x] XCRF token are ignored.
ildyria opened this issue · 0 comments
ildyria commented
PHP & Platform
8.1.5 - Debian
Laravel version
9.2
Authenticator type
No response
OS and Browser versions
No response
Have you done this?
- I am willing to share my stack trace and logs
- I can reproduce this bug in isolation (vanilla Laravel install)
- I can suggest a workaround as a Pull Request
Expectation
CSRF are not always provided, sometimes a XCRF token is provided in the cookies headers. Those should be supported.
Description
Larapass was supporting XCRF tokens:
https://github.com/DarkGhostHunter/Larapass/blob/master/resources/js/larapass.js#L85
Reproduction
Use Laragear with any Laravel installation without using @csrf in meta or form.
Stack trace & logs
No response
Attestation / Assertion objects
No response
Are you a Patreon supporter?
No, don't give priority to this