How to re enable csrf ?

[bmpf]

How can i re enable csrf ?

I already uncommented the lines in the App\Http\Kernel but I still can make post requests with postman without the csrf field in the header.

[bmpf]

I think this ll solve it maybe :/ ?

'api' => [
'throttle:60,1',
'bindings',
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],

[cretueusebiu]

You don't have to use a csrf token with this template because it uses a token when making a request to the server.

[bmpf]

I have a couple of forms that you dont need to be logged in order to send them. I can 'abuse' them via script or postman with constant fake posts requests.
All I put in the headers are the Accept Key. And nothing else.

[bmpf]

is there a guest Bearer ?

[cretueusebiu]

I think you can enable back all the middleware.
I've disabled them because it as it is now you don't need them.
But if you have some other pages where you need csrf token, you can enable all of them back.

[bmpf]

How can i enable them back ?

01 - I already uncommented the lines in the App\Http\Kernel

02 - Added the meta to index.blade.php header <meta name="csrf-token" content="{{ csrf_token() }}">

03 - The cookies are being sent with the form :

04 - The X-XSRF-TOKEN too :

But I can still make fake requests with postman . In other words , the csrf token its not validated :/
Did you disable something else ?

[bmpf]

I think I ll use something like google recaptcha