I’m implementing post DELETE action in laravel using a hyperlink as wordpress does:
http://mysite/wp-admin/post.php?post=568&action=trash&_wpnonce=ec36bea1fd
last part of link has a wpnonce that is csrf in laravel . but laravel csrf middleware doesn’t check csrf for get requestes . is it possible to force app to check for _token?
and is it necessary ? if it isnt so why wordpress does a check for it?
Laravel add csrf check for link
Just don’t do it, use a DELETE or POST request.