Laravel csrf not verified

laravel-csrf-not-verified

The application appears to have disabled the CSRF token verification middleware which can lead to a Cross-site request forgery (CSRF) vulnerability. If the application uses cookie-based authentication, an attacker can trick users into sending authenticated HTTP requests without their knowledge from any arbitrary domain they visit. You can prevent this vulnerability by enforcing usage and verification of the CSRF tokens associated with user requests. To enable the CSRF token verification middleware add \$APP\Http\Middleware\VerifyCsrfToken to the middleware group in your $APP\Http\Kernel class.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

Laravel cookie not encrypted Laravel direct response write

⌘I

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

CLI

Rule Reference

Resources

Laravel csrf not verified