Fix DecryptException with invalid X-XSRF-TOKEN (#35671)
antoinelame committed Dec 20, 2020
1 parent 7799c5f commit 97958fb
Showing 1 changed file with 6 additions and 1 deletion.
@@ -3,6 +3,7 @@
namespace Illuminate\Foundation\Http\Middleware;

use Closure;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Contracts\Support\Responsable;
@@ -152,7 +153,11 @@ protected function getTokenFromRequest($request)
$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');

if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
$token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
try {
$token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
} catch (DecryptException $e) {
$token = '';
}
}

return $token;
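Review bot: The new catch block fails with `$token = ''`, so an undecryptable X-XSRF-TOKEN yields an empty string, while a request with no token at all presumably leaves this method returning null from the `?:` expression on the first line of the hunk. The comparison that consumes the return value is outside the hunk, so this is inferred: if it type-checks before comparing, null is rejected outright, whereas an empty string is rejected only as long as the session token can never be empty. Using `$token = null;` would put a bad header on the same fail-closed path as a missing one. The caught `$e` is unused, so a one-line comment such as `// Undecryptable header: treat as a missing token so CSRF verification fails.` would make the silent swallow explicit. The body of getTokenFromRequest starts above the hunk.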