From f5bae6156c760545f368438198327e2609ba7bf1 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Wed, 26 Apr 2023 13:55:19 -0500
Subject: [PATCH] check for validate csrf token
---
 .../EnsureFrontendRequestsAreStateful.php | 39 +++++++++++++------
 1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
index 8a251901..df3ff9cd 100644
--- a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
+++ b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
@@ -19,18 +19,9 @@ public function handle($request, $next)
 {
 $this->configureSecureCookieSessions();
 
- return (new Pipeline(app()))->send($request)->through(static::fromFrontend($request) ? array_values(array_unique([
- function ($request, $next) {
- $request->attributes->set('sanctum', true);
-
- return $next($request);
- },
- config('sanctum.middleware.encrypt_cookies', \Illuminate\Cookie\Middleware\EncryptCookies::class),
- \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
- \Illuminate\Session\Middleware\StartSession::class,
- config('sanctum.middleware.validate_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
- config('sanctum.middleware.verify_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
- ])) : [])->then(function ($request) use ($next) {
+ return (new Pipeline(app()))->send($request)->through(
+ static::fromFrontend($request) ? $this->frontendMiddleware() : []
+ )->then(function ($request) use ($next) {
 return $next($request);
 });
 }
@@ -48,6 +39,30 @@ protected function configureSecureCookieSessions()
 ]);
 }
 
+ /**
+ * Get the middleware that should be applied to requests from the "frontend".
+ *
+ * @return array
+ */
+ protected function frontendMiddleware()
+ {
+ $middleware = array_values(array_unique([
+ config('sanctum.middleware.encrypt_cookies', \Illuminate\Cookie\Middleware\EncryptCookies::class),
+ \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+ \Illuminate\Session\Middleware\StartSession::class,
+ config('sanctum.middleware.validate_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
+ config('sanctum.middleware.verify_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class),
+ ]));
+
+ array_unshift($middleware, function ($request, $next) {
+ $request->attributes->set('sanctum', true);
+
+ return $next($request);
+ });
+
+ return $middleware;
+ }
+
 /**
 * Determine if the given request is from the first-party application frontend.
 *
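Review bot: In frontendMiddleware(), the `validate_csrf_token` and `verify_csrf_token` entries are only collapsed by `array_unique` while both resolve to the same class; once either key is configured to a different middleware, both entries survive and CSRF validation runs twice in the pipeline. Since the two keys appear to be old and new names for the same setting, a single entry with a fallback chain states that directly and keeps exactly one CSRF middleware: `config('sanctum.middleware.validate_csrf_token', config('sanctum.middleware.verify_csrf_token', \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class)),` in place of the two lines. Note also that `config()` falls back to its default only when the key is absent, so an application that explicitly sets one of these keys to null would presumably leave a null entry in the list rather than drop the middleware — worth pinning with a test or an `array_filter` before `array_values`. The `@return array` docblock could be tightened to `@return array<int, \Closure|class-string>` to document that the first element is the closure added by `array_unshift`.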