I have always found it frustrating that failing the CSRF check in Laravel 5.x throws an exception. I would prefer that it redirect the user back to the previous page and let them try again. So, I modified the VerifyCsrfToken.php middleware to do just that, in just a few lines of code.
In VerifyCsrfToken.php (found in folder App\Http\Middleware), I added the handle function that overrides the default Laravel behaviour when the CSRF check fails. If this file doesn’t exist in your installation, the full code is included below:
On lines 22-29, I make sure unit tests, successful CSRF checks and pages that are excluded work as they should (this was taken from the original
On line 32, instead of throwing the TokenMismatchException exception, I use the Redirect facade to redirect the user back to the previous page and display an error.
Note: Remember to include the use statement for both the Redirect facades (see lines 5-6), or you will get exceptions when running your code.
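A sketch of a middleware along these lines, as an added example rather than the author's original listing, so the line numbers cited above do not apply to it. It assumes Laravel 5.2 or later, where the base class provides runningUnitTests(); the error key and message, and the choice to flash the old input without the token and password fields, are assumptions of this example.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
use Illuminate\Support\Facades\Redirect;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * URIs excluded from CSRF verification.
     */
    protected $except = [];

    /**
     * Run the same checks as the framework's handle(), but answer a
     * failed check with a redirect instead of TokenMismatchException.
     */
    public function handle($request, Closure $next)
    {
        if (
            $this->isReading($request) ||          // GET, HEAD, OPTIONS
            $this->runningUnitTests() ||
            $this->shouldPassThrough($request) ||  // URIs listed in $except
            $this->tokensMatch($request)
        ) {
            return $this->addCookieToResponse($request, $next($request));
        }

        // The request is still rejected: $next() is never called, so the
        // state-changing action does not run. Only the response differs.
        // Assumption of this example: flash the old input back to the form,
        // minus the stale token and any password fields.
        return Redirect::back()
            ->withInput($request->except('_token', 'password', 'password_confirmation'))
            ->withErrors(['csrf' => 'Your session has expired. Please try again.']);
    }
}
```

The redirect relies on the session middleware having started before this one, which is the order in Laravel's default middleware stack.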
Next time the CSRF check fails, your users will get a better-looking error message and the chance to retry. Here is an example of how it looks on the login page: