Update references to bootstrap.js X-CSRF-TOKEN behavior #5382
This addresses a change in behaviour in a PR I have submitted at laravel/laravel#5083. It should not be considered for merging unless that PR is merged and released. This has now been merged.

This PR addresses the `X-CSRF-TOKEN` header no longer being automatically sent in `bootstrap.js`.

Because we include an `XSRF-TOKEN` cookie, Axios has already been automatically sending an `X-XSRF-TOKEN` header for us on same-origin requests. This makes the `X-CSRF-TOKEN` header we are sending redundant.

I have tried to keep the changes minimal without making any overly opinionated changes to the structure of the documentation, however, it may be worth considering restructuring `csrf.md` so that the `X-XSRF-TOKEN` section becomes the main section for introducing the header-based verification approaches and to also make it clear that `X-XSRF-TOKEN` must be the encrypted value and `X-CSRF-TOKEN` must be unencrypted.
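
The header behaviour this description relies on, as an added sketch that is not part of the PR and is not Axios or Laravel source: the value of the `XSRF-TOKEN` cookie is echoed back as `X-XSRF-TOKEN`, and only on same-origin requests. The helper names and the sample origin and cookie values are constructed for illustration.

```javascript
// Added illustration; not Axios or Laravel source code.
// readCookie, isSameOrigin and xsrfHeadersFor are hypothetical helper names.

const XSRF_COOKIE = 'XSRF-TOKEN';   // cookie name from the PR description
const XSRF_HEADER = 'X-XSRF-TOKEN'; // header name from the PR description

// Extract one cookie from a document.cookie-style string and URL-decode it.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip malformed fragments
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Same-origin means scheme, host and port all match the page's origin.
function isSameOrigin(requestUrl, pageOrigin) {
  return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Headers to attach to a request. The cookie value is copied unchanged
// (after URL-decoding), so the header carries the same encrypted value
// the server placed in the cookie. Cross-origin requests get nothing,
// which keeps the token from leaking to other hosts.
function xsrfHeadersFor(requestUrl, pageOrigin, cookieString) {
  if (!isSameOrigin(requestUrl, pageOrigin)) return {};
  const token = readCookie(cookieString, XSRF_COOKIE);
  return token === null ? {} : { [XSRF_HEADER]: token };
}

// Constructed sample values.
const pageOrigin = 'https://app.example.test';
const cookies = 'laravel_session=abc; XSRF-TOKEN=eyJpdiI6IkFCQyJ9%3D';

console.log(xsrfHeadersFor('/posts', pageOrigin, cookies));
console.log(xsrfHeadersFor('https://other.example.test/x', pageOrigin, cookies));
```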