Securing your application
Before you deploy your application in a hostile environment, full of merciless bots and malicious users, there are a number of security considerations that you must keep in mind. In this section, we are going to cover several common attack vectors for web applications and learn about how Laravel protects your application against them. Since a framework cannot protect you against everything, we will also look at the common pitfalls to avoid.
Cross-site request forgery
Cross-site request forgery (CSRF) attacks are conducted by targeting a URL that has side effects (that is, it is performing an action and not just displaying information). We have already partly mitigated CSRF attacks by avoiding the use of GET for routes that have permanent effects, such as DELETE /cats/1, since such a route is not reachable from a simple link or embeddable in an <iframe> element. However, if an attacker is able to send his victim to a page that he controls, he can easily make the victim...
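The following is an added illustration of the mitigation described above, written for Laravel 4 and not taken from the book. It places the side-effecting GET route beside its hardened form: a DELETE route protected by the csrf filter that Laravel 4 ships in app/filters.php, with the token check spelled out. The Cat model and the cats.destroy route name (as produced by Route::resource('cats', ...)) are assumptions. Note that moving to DELETE alone is only a partial fix, because Laravel reads a hidden _method field to spoof DELETE from an ordinary POST form, and an attacker's page can submit such a form; the session token comparison is what actually stops the forged request.

```php
<?php
// app/filters.php (Laravel 4 default): reject any non-GET request whose
// _token field does not match the token stored in the victim's session.
// An attacker's page cannot read our session token, so it cannot supply it.
Route::filter('csrf', function () {
    if (Session::token() !== Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

// app/routes.php
// Vulnerable pattern: a GET route with a side effect. A plain link or an
// <img src="/cats/1/delete"> on any site fires it with the victim's cookies.
Route::get('cats/{id}/delete', function ($id) {
    Cat::findOrFail($id)->delete();          // Cat model is assumed
    return Redirect::route('cats.index');
});

// Hardened pattern: a DELETE route (unreachable from a link or <iframe>)
// that additionally runs the csrf filter before the handler executes.
Route::delete('cats/{id}', array('before' => 'csrf', function ($id) {
    Cat::findOrFail($id)->delete();
    return Redirect::route('cats.index');
}));

// Matching Blade view: Form::open() with a non-GET method automatically emits
// hidden _method and _token inputs, so a legitimate form carries the token
// while a forged form from another origin cannot.
//
// {{ Form::open(array('route' => array('cats.destroy', $cat->id), 'method' => 'delete')) }}
//     {{ Form::submit('Delete this cat') }}
// {{ Form::close() }}
```

The GET route is kept only to show the contrast; in a real application it should not exist at all, since nothing in the filter chain protects it.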