Avoid broad Laravel CSRF exclusions on sensitive routes | Critiq Docs

#Metadata

Rule ID: php.security.laravel-sensitive-csrf-exclusion
Severity: high
Confidence: 0.86
Languages: php
Presets: security, strict
Stability: stable
Applies to: block
Tags: csrf, laravel, php, rules-catalog, security

#Why it matters

Over-broad CSRF exemptions remove request integrity checks from high-impact authenticated actions.

#Remediation

Limit CSRF exceptions to explicitly signed webhook endpoints and avoid wildcard exclusions on authenticated user flows.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/php/php.security.laravel-sensitive-csrf-exclusion.rule.yaml.

Back to directory Open rule in repository