{"id":1839,"date":"2024-11-17T08:28:47","date_gmt":"2024-11-17T11:28:47","guid":{"rendered":"https:\/\/thiagorossi.com.br\/blog\/?p=1839"},"modified":"2025-12-04T13:05:04","modified_gmt":"2025-12-04T16:05:04","slug":"protecao-csrf-no-laravel","status":"publish","type":"post","link":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/","title":{"rendered":"Prote\u00e7\u00e3o CSRF no Laravel"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Tempo de leitura: <\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">minutos<\/span><\/span>\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Prote\u00e7\u00e3o CSRF no Laravel<\/strong>: O ataque <strong>Cross-Site Request Forgery (CSRF)<\/strong> \u00e9 uma vulnerabilidade s\u00e9ria onde um invasor induz um usu\u00e1rio autenticado a realizar a\u00e7\u00f5es indesejadas em uma aplica\u00e7\u00e3o web confi\u00e1vel. O <strong>Laravel 12<\/strong> implementa, por padr\u00e3o, um mecanismo de prote\u00e7\u00e3o robusto baseado em <strong>tokens<\/strong> que neutraliza essa amea\u00e7a de forma eficaz.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Neste artigo, exploraremos o conceito de CSRF e como o Laravel utiliza <em>Middlewares<\/em> e <em>Tokens<\/em> criptogr\u00e1ficos para proteger suas rotas.<\/p>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">1. \ud83d\udea8 Entendendo o Ataque CSRF<\/h2>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">O CSRF explora o fato de que os navegadores enviam automaticamente <em>cookies<\/em> de sess\u00e3o (e, portanto, informa\u00e7\u00f5es de autentica\u00e7\u00e3o) com cada requisi\u00e7\u00e3o para um dom\u00ednio espec\u00edfico.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Cen\u00e1rio de Ataque:<\/strong> Um usu\u00e1rio est\u00e1 logado em seu banco (<em>site A<\/em>). Ele visita um site malicioso (<em>site B<\/em>) criado pelo atacante. O <em>site B<\/em> cont\u00e9m um formul\u00e1rio (invis\u00edvel) que envia uma requisi\u00e7\u00e3o <code>POST<\/code> para o <em>site A<\/em> (o banco), solicitando, por exemplo, uma transfer\u00eancia.<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Vulnerabilidade:<\/strong> Se o <em>site A<\/em> apenas verificar a autentica\u00e7\u00e3o (o <em>cookie<\/em>), ele processar\u00e1 a requisi\u00e7\u00e3o maliciosa, pois parece vir de um usu\u00e1rio logado.<\/li>\n<\/ul>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">2. \ud83d\udd11 Como o Laravel 12 Impede o CSRF: O Token<\/h2>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">A prote\u00e7\u00e3o do Laravel baseia-se na ideia de que apenas a sua aplica\u00e7\u00e3o deve saber o valor de um <strong>Token CSRF<\/strong> secreto e din\u00e2mico.<\/p>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">A. Gera\u00e7\u00e3o e Armazenamento<\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Gera\u00e7\u00e3o:<\/strong> O Laravel gera um <em>Token CSRF<\/em> <strong>\u00fanico<\/strong> para cada sess\u00e3o ativa do usu\u00e1rio.<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Sess\u00e3o:<\/strong> Este token \u00e9 armazenado na <strong>sess\u00e3o<\/strong> do usu\u00e1rio (servidor).<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Campo Oculto:<\/strong> O token tamb\u00e9m \u00e9 injetado como um <strong>campo oculto<\/strong> (input type=&#8221;hidden&#8221;) em todos os formul\u00e1rios Blade ou via <em>header<\/em> em requisi\u00e7\u00f5es AJAX.<\/li>\n<\/ol>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">B. O Middleware <code>VerifyCsrfToken<\/code><\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Toda requisi\u00e7\u00e3o que modifica o estado (POST, PUT, PATCH, DELETE) que passa pelo grupo de rotas <code>web<\/code> \u00e9 interceptada pelo <em>Middleware<\/em> <strong><code>App\\Http\\Middleware\\VerifyCsrfToken<\/code><\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Verifica\u00e7\u00e3o:<\/strong> O <em>Middleware<\/em> compara o token enviado na requisi\u00e7\u00e3o (via campo ou <em>header<\/em>) com o token armazenado na sess\u00e3o.<\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Rejei\u00e7\u00e3o:<\/strong> Se os tokens <strong>n\u00e3o coincidirem<\/strong>, o <em>Middleware<\/em> rejeita a requisi\u00e7\u00e3o, retornando um erro <strong>HTTP 419 Page Expired<\/strong> (ou <em>Token Mismatch<\/em>), impedindo o ataque.<\/li>\n<\/ul>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">3. \ud83d\udee0\ufe0f Implementando a Prote\u00e7\u00e3o (Blade e AJAX)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">A. Em Formul\u00e1rios HTML (Blade Directive)<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">O m\u00e9todo mais simples \u00e9 usar a <em>Blade Directive<\/em> <strong><code>@csrf<\/code><\/strong> dentro do seu formul\u00e1rio.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">HTML<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;form method=\"POST\" action=\"\/transfer\"&gt;\n    @csrf &lt;button type=\"submit\"&gt;Transferir Fundos&lt;\/button&gt;\n&lt;\/form&gt;\n<\/code><\/pre>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">B. Em Requisi\u00e7\u00f5es AJAX (Meta Tag e Header)<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Para requisi\u00e7\u00f5es JavaScript (AJAX), o token n\u00e3o \u00e9 enviado automaticamente. Voc\u00ea deve inclu\u00ed-lo no <em>Header<\/em> da requisi\u00e7\u00e3o (<code>X-CSRF-TOKEN<\/code>).<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>Crie a Meta Tag (no <code>&lt;head><\/code> do seu HTML):<\/strong>HTML<code>&lt;meta name=\"csrf-token\" content=\"{{ csrf_token() }}\"><\/code><\/li>\n\n\n\n<li class=\"has-medium-font-size\"><strong>Configure o Cliente AJAX (Exemplo com jQuery, ou similar em Fetch\/Axios):<\/strong>JavaScript<code>\/\/ Define um header padr\u00e3o para todas as requisi\u00e7\u00f5es AJAX $.ajaxSetup({ headers: { 'X-CSRF-TOKEN': $('meta[name=\"csrf-token\"]').attr('content') } });<\/code><\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Com essa configura\u00e7\u00e3o, toda requisi\u00e7\u00e3o AJAX POST\/PUT\/DELETE incluir\u00e1 o token e passar\u00e1 na verifica\u00e7\u00e3o.<\/p>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">4. \ud83d\udcdd Exce\u00e7\u00f5es \u00e0 Verifica\u00e7\u00e3o<\/h2>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Embora a prote\u00e7\u00e3o CSRF seja vital, certas rotas que recebem dados de fontes externas (como <em>webhooks<\/em> de terceiros, APIs de pagamento ou notifica\u00e7\u00f5es) <strong>n\u00e3o ter\u00e3o o token de sess\u00e3o do Laravel<\/strong> e, portanto, precisam ser exclu\u00eddas da verifica\u00e7\u00e3o.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Voc\u00ea define estas exce\u00e7\u00f5es no <em>Middleware<\/em> <strong><code>App\\Http\\Middleware\\VerifyCsrfToken<\/code><\/strong>:<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">PHP<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ app\/Http\/Middleware\/VerifyCsrfToken.php\nprotected $except = &#91;\n    \/\/ Rotas de webhooks que n\u00e3o precisam de token CSRF\n    'payment\/hotmart\/webhook',\n    \n    \/\/ Todas as rotas que come\u00e7am com 'api\/' tamb\u00e9m s\u00e3o exclu\u00eddas\n    \/\/ por padr\u00e3o, pois rotas de API n\u00e3o usam sess\u00f5es (stateless)\n    \/\/ Se voc\u00ea estiver usando o grupo de rotas 'api', esta exclus\u00e3o\n    \/\/ n\u00e3o \u00e9 estritamente necess\u00e1ria, mas \u00e9 uma boa pr\u00e1tica para\n    \/\/ webhooks que caem no grupo 'web'.\n];\n<\/code><\/pre>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">\u2705 Conclus\u00e3o Prote\u00e7\u00e3o CSRF no Laravel<\/h2>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Prote\u00e7\u00e3o CSRF no Laravel: A prote\u00e7\u00e3o CSRF \u00e9 um recurso de seguran\u00e7a habilitado por padr\u00e3o e gerenciado pelo <em>Middleware<\/em> <code>VerifyCsrfToken<\/code>. Ao garantir que o <strong>Token CSRF<\/strong> da sess\u00e3o corresponda ao token enviado na requisi\u00e7\u00e3o, o Laravel impede que requisi\u00e7\u00f5es maliciosas enviadas de outros dom\u00ednios sejam processadas, mantendo a integridade e a seguran\u00e7a das a\u00e7\u00f5es dos seus usu\u00e1rios autenticados. \u00c9 fundamental usar a diretiva <code>@csrf<\/code> em todos os seus formul\u00e1rios Blade e configurar corretamente as requisi\u00e7\u00f5es AJAX.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">Mas antes de dominar o Laravel, se for o seu caso, toda jornada tem um in\u00edcio. Vamos entender quais s\u00e3o os conhecimentos b\u00e1sicos necess\u00e1rios para aproveitar ao m\u00e1ximo este poderoso framework. Para iniciar seus estudos no Laravel, voc\u00ea precisar\u00e1 dominar as seguintes tecnologias:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"\/category\/html\"><img loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"426\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/html.webp\" alt=\"HTML\" class=\"wp-image-600\" srcset=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/html.webp 758w, https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/html-300x169.webp 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/a><figcaption class=\"wp-element-caption\">HTML<\/figcaption><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"\/category\/css\"><img loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"426\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/Capa-Artigos-Linux.webp\" alt=\"CSS\" class=\"wp-image-702\" srcset=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/Capa-Artigos-Linux.webp 758w, https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/Capa-Artigos-Linux-300x169.webp 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/a><figcaption class=\"wp-element-caption\">CSS<\/figcaption><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"\/category\/javascript\"><img loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"426\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/javascript.webp\" alt=\"Javascript\" class=\"wp-image-804\" srcset=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/javascript.webp 758w, https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/javascript-300x169.webp 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/a><figcaption class=\"wp-element-caption\">JavaScript<\/figcaption><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"\/category\/sql\"><img loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"426\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/05\/Capa-Artigos-2.webp\" alt=\"SQL\" class=\"wp-image-942\" srcset=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/05\/Capa-Artigos-2.webp 758w, https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/05\/Capa-Artigos-2-300x169.webp 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/a><figcaption class=\"wp-element-caption\">SQL<\/figcaption><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"\/category\/php\"><img loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"426\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Capa-PHP.png\" alt=\"Capa Curso PHP\" class=\"wp-image-2835\" srcset=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Capa-PHP.png 758w, https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Capa-PHP-300x169.png 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\" \/><\/a><figcaption class=\"wp-element-caption\">PHP<\/figcaption><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">E se voc\u00ea gosta do nosso conte\u00fado, n\u00e3o deixe de contribuir adquirindo os servi\u00e7os e produtos dos nossos apoiadores e empresas que somos associados:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/hostinger.com.br\/?REFERRALCODE=1THIAGO62\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"250\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/03\/hostinger.png\" alt=\"Hospedagem Hostinger\" class=\"wp-image-92\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/amzn.to\/3SNDYlc\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"250\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/08\/ofertas-amazon.webp\" alt=\"Ofertas Amazon\" class=\"wp-image-1308\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/amzn.to\/3SNKmt0\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"250\" src=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/08\/amazonprime.webp\" alt=\"Amazon Prime\" class=\"wp-image-1307\"\/><\/a><\/figure>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Tempo de leitura: <\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">minutos<\/span><\/span>Prote\u00e7\u00e3o CSRF no Laravel: O ataque Cross-Site Request Forgery (CSRF) \u00e9 uma vulnerabilidade s\u00e9ria onde&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1642,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[],"class_list":["post-1839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-laravel","wpcat-18-id"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Prote\u00e7\u00e3o CSRF no Laravel - BLOG THIAGO ROSSI<\/title>\n<meta name=\"description\" content=\"Prote\u00e7\u00e3o CSRF no Laravel: Neste artigo, vamos explorar o conceito de CSRF, como ele funciona e como o Laravel o previne.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prote\u00e7\u00e3o CSRF no Laravel - BLOG THIAGO ROSSI\" \/>\n<meta property=\"og:description\" content=\"Prote\u00e7\u00e3o CSRF no Laravel: Neste artigo, vamos explorar o conceito de CSRF, como ele funciona e como o Laravel o previne.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/\" \/>\n<meta property=\"og:site_name\" content=\"BLOG THIAGO ROSSI\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-17T11:28:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-04T16:05:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Laravel.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"758\" \/>\n\t<meta property=\"og:image:height\" content=\"426\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Thiago Rossi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thiago Rossi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/\"},\"author\":{\"name\":\"Thiago Rossi\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/5f28286948ec2afdeb2e044a2196cd87\"},\"headline\":\"Prote\u00e7\u00e3o CSRF no Laravel\",\"datePublished\":\"2024-11-17T11:28:47+00:00\",\"dateModified\":\"2025-12-04T16:05:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/\"},\"wordCount\":692,\"publisher\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Laravel.webp\",\"articleSection\":[\"Laravel\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/\",\"url\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/\",\"name\":\"Prote\u00e7\u00e3o CSRF no Laravel - BLOG THIAGO ROSSI\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Laravel.webp\",\"datePublished\":\"2024-11-17T11:28:47+00:00\",\"dateModified\":\"2025-12-04T16:05:04+00:00\",\"description\":\"Prote\u00e7\u00e3o CSRF no Laravel: Neste artigo, vamos explorar o conceito de CSRF, como ele funciona e como o Laravel o previne.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Laravel.webp\",\"contentUrl\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Laravel.webp\",\"width\":758,\"height\":426,\"caption\":\"Laravel\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/protecao-csrf-no-laravel\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Prote\u00e7\u00e3o CSRF no Laravel\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/\",\"name\":\"THIAGO ROSSI\",\"description\":\"Mais de 20 anos de experi\u00eancia no mercado de TI!\",\"publisher\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#organization\"},\"alternateName\":\"TR | CURSO WEB DEV\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#organization\",\"name\":\"THIAGO ROSSI\",\"alternateName\":\"TR | CURSO WEB DEV\",\"url\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/new-logo.webp\",\"contentUrl\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/new-logo.webp\",\"width\":300,\"height\":300,\"caption\":\"THIAGO ROSSI\"},\"image\":{\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/linkedin.com\\\/in\\\/thiagox86\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/5f28286948ec2afdeb2e044a2196cd87\",\"name\":\"Thiago Rossi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb28b4665f4162bab9fbef8db5a7f00597f79ab90ece9a67189bb6bce78d5786?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb28b4665f4162bab9fbef8db5a7f00597f79ab90ece9a67189bb6bce78d5786?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb28b4665f4162bab9fbef8db5a7f00597f79ab90ece9a67189bb6bce78d5786?s=96&d=retro&r=g\",\"caption\":\"Thiago Rossi\"},\"description\":\"Com mais de 20 anos de jornada na tecnologia, minha trajet\u00f3ria evoluiu do ensino t\u00e9cnico \u00e0 arquitetura de sistemas complexos. Hoje, foco minha expertise no desenvolvimento de solu\u00e7\u00f5es de Intelig\u00eancia Artificial nativa e an\u00e1lise de dados p\u00fablicos, utilizando o ecossistema PHP para transformar dados brutos em transpar\u00eancia e efici\u00eancia. Como autor e desenvolvedor, acredito na democratiza\u00e7\u00e3o do conhecimento. Essa vis\u00e3o resultou em uma biblioteca de mais de 530 artigos gratuitos, cobrindo desde a base do WebDev e Infraestrutura at\u00e9 os bastidores da ind\u00fastria de Jogos e IA. No universo de Game Design, sou autor do livro \\\"GDD \u2013 O Guia Definitivo\\\" e documento ativamente meus processos atrav\u00e9s de DevLogs, unindo rigor t\u00e9cnico e criatividade em projetos desenvolvidos com GDevelop 5. Meu compromisso \u00e9 conectar engenharia de ponta com as reais oportunidades do mercado de tecnologia.\",\"sameAs\":[\"https:\\\/\\\/thiagorossi.com.br\\\/blog\",\"https:\\\/\\\/instagram.com\\\/thiagorossix86\",\"https:\\\/\\\/linkedin.com\\\/in\\\/thiagox86\"],\"url\":\"https:\\\/\\\/thiagorossi.com.br\\\/blog\\\/author\\\/thiagorossi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prote\u00e7\u00e3o CSRF no Laravel - BLOG THIAGO ROSSI","description":"Prote\u00e7\u00e3o CSRF no Laravel: Neste artigo, vamos explorar o conceito de CSRF, como ele funciona e como o Laravel o previne.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/","og_locale":"pt_BR","og_type":"article","og_title":"Prote\u00e7\u00e3o CSRF no Laravel - BLOG THIAGO ROSSI","og_description":"Prote\u00e7\u00e3o CSRF no Laravel: Neste artigo, vamos explorar o conceito de CSRF, como ele funciona e como o Laravel o previne.","og_url":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/","og_site_name":"BLOG THIAGO ROSSI","article_published_time":"2024-11-17T11:28:47+00:00","article_modified_time":"2025-12-04T16:05:04+00:00","og_image":[{"width":758,"height":426,"url":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Laravel.webp","type":"image\/webp"}],"author":"Thiago Rossi","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Thiago Rossi","Est. tempo de leitura":"6 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#article","isPartOf":{"@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/"},"author":{"name":"Thiago Rossi","@id":"https:\/\/thiagorossi.com.br\/blog\/#\/schema\/person\/5f28286948ec2afdeb2e044a2196cd87"},"headline":"Prote\u00e7\u00e3o CSRF no Laravel","datePublished":"2024-11-17T11:28:47+00:00","dateModified":"2025-12-04T16:05:04+00:00","mainEntityOfPage":{"@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/"},"wordCount":692,"publisher":{"@id":"https:\/\/thiagorossi.com.br\/blog\/#organization"},"image":{"@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#primaryimage"},"thumbnailUrl":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Laravel.webp","articleSection":["Laravel"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/","url":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/","name":"Prote\u00e7\u00e3o CSRF no Laravel - BLOG THIAGO ROSSI","isPartOf":{"@id":"https:\/\/thiagorossi.com.br\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#primaryimage"},"image":{"@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#primaryimage"},"thumbnailUrl":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Laravel.webp","datePublished":"2024-11-17T11:28:47+00:00","dateModified":"2025-12-04T16:05:04+00:00","description":"Prote\u00e7\u00e3o CSRF no Laravel: Neste artigo, vamos explorar o conceito de CSRF, como ele funciona e como o Laravel o previne.","breadcrumb":{"@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#primaryimage","url":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Laravel.webp","contentUrl":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/11\/Laravel.webp","width":758,"height":426,"caption":"Laravel"},{"@type":"BreadcrumbList","@id":"https:\/\/thiagorossi.com.br\/blog\/protecao-csrf-no-laravel\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thiagorossi.com.br\/blog\/"},{"@type":"ListItem","position":2,"name":"Prote\u00e7\u00e3o CSRF no Laravel"}]},{"@type":"WebSite","@id":"https:\/\/thiagorossi.com.br\/blog\/#website","url":"https:\/\/thiagorossi.com.br\/blog\/","name":"THIAGO ROSSI","description":"Mais de 20 anos de experi\u00eancia no mercado de TI!","publisher":{"@id":"https:\/\/thiagorossi.com.br\/blog\/#organization"},"alternateName":"TR | CURSO WEB DEV","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thiagorossi.com.br\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/thiagorossi.com.br\/blog\/#organization","name":"THIAGO ROSSI","alternateName":"TR | CURSO WEB DEV","url":"https:\/\/thiagorossi.com.br\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/thiagorossi.com.br\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/new-logo.webp","contentUrl":"https:\/\/thiagorossi.com.br\/blog\/wp-content\/uploads\/2024\/04\/new-logo.webp","width":300,"height":300,"caption":"THIAGO ROSSI"},"image":{"@id":"https:\/\/thiagorossi.com.br\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/linkedin.com\/in\/thiagox86"]},{"@type":"Person","@id":"https:\/\/thiagorossi.com.br\/blog\/#\/schema\/person\/5f28286948ec2afdeb2e044a2196cd87","name":"Thiago Rossi","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/bb28b4665f4162bab9fbef8db5a7f00597f79ab90ece9a67189bb6bce78d5786?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/bb28b4665f4162bab9fbef8db5a7f00597f79ab90ece9a67189bb6bce78d5786?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bb28b4665f4162bab9fbef8db5a7f00597f79ab90ece9a67189bb6bce78d5786?s=96&d=retro&r=g","caption":"Thiago Rossi"},"description":"Com mais de 20 anos de jornada na tecnologia, minha trajet\u00f3ria evoluiu do ensino t\u00e9cnico \u00e0 arquitetura de sistemas complexos. Hoje, foco minha expertise no desenvolvimento de solu\u00e7\u00f5es de Intelig\u00eancia Artificial nativa e an\u00e1lise de dados p\u00fablicos, utilizando o ecossistema PHP para transformar dados brutos em transpar\u00eancia e efici\u00eancia. Como autor e desenvolvedor, acredito na democratiza\u00e7\u00e3o do conhecimento. Essa vis\u00e3o resultou em uma biblioteca de mais de 530 artigos gratuitos, cobrindo desde a base do WebDev e Infraestrutura at\u00e9 os bastidores da ind\u00fastria de Jogos e IA. No universo de Game Design, sou autor do livro \"GDD \u2013 O Guia Definitivo\" e documento ativamente meus processos atrav\u00e9s de DevLogs, unindo rigor t\u00e9cnico e criatividade em projetos desenvolvidos com GDevelop 5. Meu compromisso \u00e9 conectar engenharia de ponta com as reais oportunidades do mercado de tecnologia.","sameAs":["https:\/\/thiagorossi.com.br\/blog","https:\/\/instagram.com\/thiagorossix86","https:\/\/linkedin.com\/in\/thiagox86"],"url":"https:\/\/thiagorossi.com.br\/blog\/author\/thiagorossi\/"}]}},"_links":{"self":[{"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/posts\/1839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/comments?post=1839"}],"version-history":[{"count":1,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/posts\/1839\/revisions"}],"predecessor-version":[{"id":5147,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/posts\/1839\/revisions\/5147"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/media\/1642"}],"wp:attachment":[{"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/media?parent=1839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/categories?post=1839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thiagorossi.com.br\/blog\/wp-json\/wp\/v2\/tags?post=1839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}