From 4d0de14b4509783ed25a8b80b9bcb01c3a7e5883 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Thu, 9 Oct 2014 21:50:52 -0500
Subject: [PATCH] tweaks CSRF filter.
---
 app/Http/Middleware/CsrfMiddleware.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/app/Http/Middleware/CsrfMiddleware.php b/app/Http/Middleware/CsrfMiddleware.php
index 0b81362e..cfbe95fb 100644
--- a/app/Http/Middleware/CsrfMiddleware.php
+++ b/app/Http/Middleware/CsrfMiddleware.php
@@ -15,12 +15,23 @@ class CsrfMiddleware implements Middleware {
  */
  public function handle($request, Closure $next)
  {
- if ($request->session()->token() != $request->input('_token'))
+ if ($request->method == 'GET' || $this->tokensMatch($request))
  {
- throw new TokenMismatchException;
+ return $next($request);
  }
- return $next($request);
+ throw new TokenMismatchException;
+ }
+
+ /**
+ * Determine if the session and input CSRF tokens match.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @return bool
+ */
+ protected function tokensMatch($request)
+ {
+ return $request->session()->token() != $request->input('_token');
  }
  }
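Review bot: `tokensMatch()` returns the result of `!=`, so it is true when the session token and `_token` differ. With the new condition in `handle()`, a request with a wrong or missing token is passed to `$next`, while one carrying the correct token gets `TokenMismatchException`. The last added line should test equality, e.g. `return $request->session()->token() === $request->input('_token');`. Ideally it would first check that both values are non-empty strings and then compare in constant time (`hash_equals()` where the PHP version provides it), so `null` cannot match `null` when neither side has a token. Separately, `$request->method == 'GET'` reads a property rather than calling the method; if the request class resolves undefined properties through a magic getter (not visible here), the exemption would depend on a client-supplied `method` value, so `$request->method() == 'GET'` looks like what was intended.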