Level 1
the token should not be append when using get and for builder. Are you doing manual form ?
Jan 7, 2016
4
Level 1
Hide token in GET form
Hi everybody, I have a GET form with token hidden field.
The problem is the result of the form, that does have the token field in the url.
How can I hide it?
Thanks
Level 1
This is the code:
<form method="GET" action="{{ URL::route('main_search') }}" name="do_main_search">
{!! csrf_field() !!}
...
should I remove the field?
Level 41
Generally CSRF is used to protect routes that make changes to database, so a GET request (probably) doesn't need one. In either case, whether in the URL or in the HTML, it's easy enough to get the token. I wouldn't be overly concerned about it.
2 likes
Level 1
Ok, thanks.
Please or to participate in this conversation.