Add CSRF token refresh on Login view to prevent CSRF token mismatch

2025-02-16 18:31:49 +01:00 · 2022-07-14 17:07:28 +02:00 · 2022-07-14 17:07:28 +02:00 · 27a091630c
commit 27a091630c
parent f966e506d7
2 changed files with 14 additions and 1 deletions
--- a/resources/js/views/auth/Login.vue
+++ b/resources/js/views/auth/Login.vue
@ -51,6 +51,7 @@
                }),
                isBusy: false,
                showWebauthn: this.$root.appSettings.useWebauthnAsDefault || this.$root.appSettings.useWebauthnOnly,
+                csrfRefresher: null,
            }
        },

@ -60,6 +61,10 @@
            }
        },

+        mounted: function() {
+            this.csrfRefresher = setInterval(this.refreshToken, 300000); // 5 min
+        },
+
        methods : {
            /**
             * Sign in using the login/password form
@ -128,6 +133,10 @@

                this.isBusy = false
            },
+
+            refreshToken(){
+                this.axios.get('/refresh-csrf')
+            }
        },

        beforeRouteEnter (to, from, next) {
@ -159,7 +168,7 @@
            this.$notify({
                clean: true
            })
-            
+            clearInterval(this.csrfRefresher);
            next()
        }
    }
--- a/routes/web.php
+++ b/routes/web.php
@ -55,6 +55,10 @@
    Route::delete('webauthn/credentials/{credential}', [WebAuthnManageController::class, 'delete'])->name('webauthn.credentials.delete');
 });

+Route::get('refresh-csrf', function(){
+    return csrf_token();
+});
+
 /**
 * Route for the main landing view
 */