There is some option on Laravel that we allow Laravel to create a token and test it on server side to pull up CSRF attacks.
I found this on Laravel website, But didn't say how to check from Controller that is an attack or from a native and real page.
How to check the token (CSRF) on controller?
Assuming you use laravel 4.x:
You don't need to check this in your controller. defining the before parameter tells laravel to check this automaticly.
Route::post('profile', array('before' => 'csrf', function(){
/* CSRF validated! */
}));
If you want to do something when the token is incorrect, you can change the filter in app/filters.php. This one:
Route::filter('csrf', function()
{
if (Session::token() != Input::get('_token'))
{
throw new Illuminate\Session\TokenMismatchException;
}
});
In Laravel 5 middleware replaces filters. This is also true for CSRF. The middleware is enabled by default and is handled in App\Http\Middleware\VerifyCsrfToken.
It can be disabled by removing App\Http\Middleware\VerifyCsrfToken in App\Http\Kernel. And if moved to $routeMiddleware...
protected $routeMiddleware = [
'auth' => 'App\Http\Middleware\Authenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
'csrf' => 'App\Http\Middleware\VerifyCsrfToken',
];
... it can be used conditionally by adding it to a route:
Route::post('foo', ['middleware' => 'csrf', 'uses' => 'BarController@foo']);
Or in the controllers constructor:
public function __construct(){
$this->middleware('csrf');
}