#@csrf token being exposed on URL ⚠

4 messages · Page 1 of 1 (latest)

tired sail
#

For some reason my csrf token seems to be displayed on the url when I click one of these buttons -

    {{-- Left sidebar --}}
    <div class="absolute w-56 left-0">
        <!-- header logo text-->
        <p class="font-lobster text-4xl ml-4">Friendly</p>

        <form class="m-0" action="{{ route("feed") }}" method="get">
            @csrf
        <button class="w-full hover:bg-gray-100 py-2 px-4 mt-3 rounded inline-flex items-center">
          <span>Home</span>
        </button>
        </form>

        <button class="w-full hover:bg-gray-100 py-2 px-4 mt-3 rounded inline-flex items-center">

            <span>Dark Mode</span>
        </button>

        <form class="m-0" action="{{ route("profile") }}" method="get">
            @csrf
        <button class="w-full hover:bg-gray-100 py-2 px-4 mt-3 rounded inline-flex items-center">
          <span>Profile</span>
        </button>
        </form>

        <form class="m-0" action="{{ route("logout") }}" method="post">
            @csrf
            <button class="w-full hover:bg-gray-100 hover:text-red-500 py-2 px-4 mt-3 rounded inline-flex items-center">

          <span>Logout</span>
        </button>
        </form>
    </div>
#

@csrf token being exposed on URL ⚠

white frost
#

Because you're sending them as a GET request.

tight vapor