Laravel · How-To · Beginner · 3 min read

How to Use @csrf in Blade Templates for Laravel Forms

In Laravel Blade templates, use the @csrf directive inside your HTML <form> tags to add a hidden CSRF token input automatically. This token protects your form from cross-site request forgery attacks by letting Laravel verify that each submission originated from your application.

Syntax

The @csrf directive is placed inside a form in a Blade template and generates a hidden input field carrying the CSRF token. Laravel requires this token on POST, PUT, PATCH, and DELETE requests to validate the form submission.

  • @csrf: Blade directive that inserts the CSRF token input.
  • Used inside <form> tags.
  • Automatically outputs: <input type="hidden" name="_token" value="csrf_token_here">.
blade
<form method="POST" action="/submit">
    @csrf
    <!-- form fields -->
    <button type="submit">Submit</button>
</form>
Output
<form method="POST" action="/submit">
    <input type="hidden" name="_token" value="csrf_token_here">
    <!-- form fields -->
    <button type="submit">Submit</button>
</form>

Example

This example shows a simple Blade form using @csrf to protect the form submission. When the form is submitted, Laravel checks the token to ensure the request is valid and not forged.

blade
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>CSRF Example</title>
</head>
<body>
    <form method="POST" action="/submit">
        @csrf
        <label for="name">Name:</label>
        <input type="text" id="name" name="name" required>
        <button type="submit">Send</button>
    </form>
</body>
</html>
Output
<form method="POST" action="/submit">
    <input type="hidden" name="_token" value="csrf_token_here">
    <label for="name">Name:</label>
    <input type="text" id="name" name="name" required>
    <button type="submit">Send</button>
</form>

Common Pitfalls

Common mistakes when using @csrf include:

  • Forgetting to add @csrf inside the form, causing Laravel to reject the request with a 419 error.
  • Placing @csrf outside the <form> tag, so the token is not submitted.
  • Adding @csrf to forms that use GET, which is unnecessary because CSRF protection applies only to state-changing requests.
blade
<!-- Wrong: @csrf outside form -->
@csrf
<form method="POST" action="/submit">
    <input type="text" name="email">
    <button type="submit">Send</button>
</form>

<!-- Right: @csrf inside form -->
<form method="POST" action="/submit">
    @csrf
    <input type="text" name="email">
    <button type="submit">Send</button>
</form>
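To make the pitfalls concrete, here is an added, framework-free PHP sketch (not Laravel's own code) of what @csrf and the VerifyCsrfToken middleware do together: the session token is rendered into the hidden _token field, and on a state-changing request the server compares the submitted token with the session's in constant time, falling back to the X-CSRF-TOKEN header that AJAX clients send. Function names, the array-based session and request, and the sample values are assumptions for illustration.

```php
<?php
// Added illustration (not Laravel's own code) of what @csrf and the
// VerifyCsrfToken middleware do together. Session and request are plain arrays.

// What @csrf renders: a hidden input carrying the per-session token.
function csrfField(array $session): string
{
    $token = htmlspecialchars($session['_token'], ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

// Mirrors the middleware's decision: read-only verbs are skipped; any other
// verb must carry a token (form field or X-CSRF-TOKEN header, as AJAX clients
// send it) that matches the one stored in the session.
function csrfPasses(string $method, array $session, array $input, array $headers): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // CSRF protection applies only to state-changing requests
    }
    $sent = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    if (!is_string($sent) || !isset($session['_token'])) {
        return false; // no token at all: this is the case that yields HTTP 419
    }
    // Constant-time comparison so the check cannot leak the token byte by byte.
    return hash_equals($session['_token'], $sent);
}

// Constructed demo session; Laravel keeps a random 40-character token under '_token'.
$session = ['_token' => bin2hex(random_bytes(20))];

// 1. @csrf inside <form>: the browser posts the field and the check succeeds.
echo "<form method=\"POST\" action=\"/submit\">\n    ", csrfField($session), "\n</form>\n";
var_dump(csrfPasses('POST', $session, ['_token' => $session['_token']], []));

// 2. @csrf forgotten or placed outside <form>: no token arrives, the check fails,
//    and Laravel responds with 419.
var_dump(csrfPasses('POST', $session, ['email' => 'user@example.test'], []));

// 3. A cross-site form can guess neither the session nor its token, so a forged
//    DELETE fails even though it carries a _token field.
var_dump(csrfPasses('DELETE', $session, ['_token' => str_repeat('x', 40)], []));

// 4. GET is never checked, and adding @csrf to a GET form would only put the
//    token into the URL (and thus logs and browser history), so leave it off.
var_dump(csrfPasses('GET', $session, [], []));
```

Run it with `php csrf_demo.php` (an assumed file name); the real middleware additionally accepts the encrypted X-XSRF-TOKEN cookie header, which this sketch omits.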

Quick Reference

Remember these tips when using @csrf in Blade:

  • Always place @csrf inside your form tags.
  • Use it for POST, PUT, PATCH, DELETE requests only.
  • Laravel automatically verifies the token on form submission.
  • Without it, Laravel will reject the request with a 419 error.

Key Takeaways

  • Always include @csrf inside your Blade form tags to protect against CSRF attacks.
  • The @csrf directive generates a hidden input with a token Laravel verifies on submission.
  • Forgetting @csrf causes Laravel to reject the form with a 419 error.
  • Place @csrf only inside <form> tags, not outside.
  • CSRF protection is needed for POST, PUT, PATCH, and DELETE requests, not GET.