Thursday, March 9, 2017

Laravel csrf_field() - only for forms with method="POST"?

I know nothing about CSRF attacks, but I know that in Laravel we are supposed to include a hidden CSRF token field in the form:

<form method="POST" action="/profile">
    {{ csrf_field() }}
    ...
</form>

Should we include it in forms with method="GET"?

<form method="GET" action="/search">
    {{ csrf_field() }}
    ...
</form>

For example, I have a search input (form) with method="GET", so everything will be visible in the URL, including the CSRF token... and that's not a problem for me at all, but I'm just unsure: does it make sense to have it in "GET" forms?



via PeraMika
