Why do _token and XSRF-TOKEN differ in Laravel?
Question

I don't understand why the token for AJAX requests (XSRF-TOKEN) is different from the _token that normal forms use. In addition, it's much longer. Why? And why have 2 tokens at all? Why not just use one which would be the same for both AJAX and normal requests?

Answer 1:

1 Approach, 2 Techniques

Laravel uses 2 distinct techniques to prevent CSRF attacks. The approaches are the same: to send a token (CSRF or XSRF) to the client, and the client has to return it back in the following request, and there are 2 steps: