[Security] Add CSRF Token

[abisz]

Secure all relevant routes with csrf token

[miclaus]

This is indeed very important ! I actually disabled the CSRF security provider, as far as I can remember, since w̷h̷e̷n̷ ̷u̷s̷i̷n̷g̷ ̷m̷o̷b̷i̷l̷e̷ the CSRF Token must be explicitly sent as a Request-Header field.

Here is the documentation on Laravel 4.2 Route Protection:
https://laravel.com/docs/4.2/security#protecting-routes

[abisz]

how can it be different on mobile?

[miclaus]

@abisz ahm, actually it's not different on mobile, just when we do "AJAX calls"

[miclaus]

... but pretty much all calls we do are "in the background, so we need to set the CSRF token, but try it to see whether it is actually needed to set the token manually or sent by POST request, i might be confusing different Laravel versions :o