From e730ffd32136c77fc0ebaac9c99181488dc6450e Mon Sep 17 00:00:00 2001 From: Jess Archer Date: Tue, 20 Aug 2019 23:08:09 +1000 Subject: [PATCH] Remove manual adding of X-CSRF-TOKEN header This is unnessecery code because Axios already automatically adds a X-XSRF-TOKEN header from the XSRF-TOKEN cookie encrypted value on same-origin requests. The `VerifyCsrfToken` middleware and Passport's `TokenGuard` already allow using the `X-XSRF-TOKEN` header. --- resources/js/bootstrap.js | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/resources/js/bootstrap.js b/resources/js/bootstrap.js index 7b579cb017e..8eaba1b97dd 100644 --- a/resources/js/bootstrap.js +++ b/resources/js/bootstrap.js @@ -23,20 +23,6 @@ window.axios = require('axios'); window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'; -/** - * Next we will register the CSRF Token as a common header with Axios so that - * all outgoing HTTP requests automatically have it attached. This is just - * a simple convenience so we don't have to attach every token manually. - */ - -let token = document.head.querySelector('meta[name="csrf-token"]'); - -if (token) { - window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content; -} else { - console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token'); -} - /** * Echo exposes an expressive API for subscribing to channels and listening * for events that are broadcast by Laravel. Echo and event broadcasting