csrf handling mit der korrekten middleware verbunden

This commit is contained in:
Codex Agent
2025-12-23 09:54:26 +01:00
parent 826e2a93ce
commit ed5c1918fc
3 changed files with 10 additions and 3 deletions


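--- a/PATH_NOT_SHOWN_FILE_1
+++ b/PATH_NOT_SHOWN_FILE_1
@@ -56,7 +56,9 @@ class Handler extends ExceptionHandler
 public function render($request, Throwable $e)
 {
 if ($e instanceof TokenMismatchException) {
-$this->logCsrfMismatch($request);
+$this->logCsrfMismatch($request, 'token_mismatch');
+} elseif ($e instanceof HttpExceptionInterface && $e->getStatusCode() === 419) {
+$this->logCsrfMismatch($request, 'http_419');
 }
 if ($request->expectsJson()) {
@@ -251,13 +253,14 @@ class Handler extends ExceptionHandler
 return $throwable instanceof $className;
 }
-private function logCsrfMismatch($request): void
+private function logCsrfMismatch($request, string $reason): void
 {
 if (! app()->environment('development')) {
 return;
 }
 Log::warning('[CSRF] Token mismatch', [
+'reason' => $reason,
 'method' => $request->method(),
 'path' => $request->path(),
 'full_url' => $request->fullUrl(),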
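Review bot: The `app()->environment('development')` guard at the top of logCsrfMismatch means neither the new `reason` field nor anything else is recorded outside a development environment, which is exactly where a burst of 419s (sessions expired by a deploy, a wrong cookie domain, cross-site POSTs) is worth seeing. If the project uses Laravel's default `APP_ENV=local`, the guard never passes and both new labels are dead code everywhere. Consider logging a reduced record (`reason`, `method`, `path`) in every environment and keeping `full_url`, whose query string may carry values that should not land in production logs, behind the development check, or at least document the gate with `// Dev-only: full_url can include query-string secrets`. The `http_419` branch in render labels any 419 HttpException as a token mismatch, which matches Laravel's page-expired conversion but deserves a short comment so the two reasons are not read as distinct failure modes; logCsrfMismatch continues past the end of the hunk.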


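--- a/PATH_NOT_SHOWN_FILE_2
+++ b/PATH_NOT_SHOWN_FILE_2
@@ -64,6 +64,10 @@ return Application::configure(basePath: dirname(__DIR__))
 ]);
 $middleware->encryptCookies(except: ['appearance', 'sidebar_state']);
+$middleware->validateCsrfTokens(except: [
+'paddle/webhook',
+'paddle/webhook*',
+]);
 $middleware->web(append: [
 \App\Http\Middleware\SetLocale::class,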
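Review bot: The `'paddle/webhook*'` entry in the except list is broader than the route it is meant to cover: Laravel's `is()`-style matching lets `*` span slashes, so any future path under `paddle/webhook…` (`paddle/webhook-replay`, `paddle/webhook/admin`) silently loses CSRF protection, and the plain `'paddle/webhook'` entry is already subsumed by it. Unless a trailing-slash or sub-path variant is really expected, `'paddle/webhook'` alone is the tighter list. The same route is also excluded a second time in the routes hunk via `->withoutMiddleware([\Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class])`; keeping the exemption in one place (the bootstrap list is the conventional one) avoids the two drifting apart when the path changes.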


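--- a/PATH_NOT_SHOWN_FILE_3
+++ b/PATH_NOT_SHOWN_FILE_3
@@ -377,6 +377,6 @@ Route::middleware('auth')->group(function () {
 });
 Route::post('/paddle/webhook', [PaddleWebhookController::class, 'handle'])
-->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class])
+->withoutMiddleware([\Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class])
 ->middleware('throttle:paddle-webhook')
 ->name('paddle.webhook');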
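Review bot: After swapping in the framework's ValidateCsrfToken here, `throttle:paddle-webhook` is the only request gate visible on this route, so request authenticity rests entirely on `PaddleWebhookController::handle` verifying Paddle's webhook signature before acting on the payload — worth confirming, and ideally expressed as route middleware so a controller refactor cannot drop it. If this file is the `web` route group (the `auth` group in the hunk header suggests it is), registering the webhook in the stateless API routes instead would remove the need for any CSRF exemption and avoid starting a session for a machine-to-machine call. As a style point, the inline fully-qualified class name could become `use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;` at the top of the file with `->withoutMiddleware([ValidateCsrfToken::class])` here.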