From: Vincent Vanwaelscappel <vincent@cubedesigners.com>
Date: Wed, 24 Aug 2022 13:30:13 +0000 (+0200)
Subject: wait #5414
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=4e5fd80cef0b0a93cf397fbefaeb727d8d5f2e0c;p=fluidbook-toolbox.git

wait #5414
---

diff --git a/routes/web.php b/routes/web.php
index 262847bb0..427b88619 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -3,6 +3,7 @@
 //Route::any('{page}/{subs?}',  'PageController@catchall')
 //    ->where(['page' => '^(((?=(?!admin))(?=(?!\/)).))*$', 'subs' => '.*']);
 use App\Http\Middleware\CheckIfAdmin;
+use App\Http\Middleware\VerifyCsrfToken;
 
 Route::group([
     'prefix' => config('backpack.base.route_prefix', 'admin'),
@@ -10,7 +11,7 @@ Route::group([
     'namespace' => '\App\Http\Controllers\Admin',
 ], function () { // custom admin routes
     Route::any('tools/{tool}/{args?}', 'ToolsController@index')->where(['args' => '.*']);
-    Route::any('opentools/{tool}/{args?}', 'OpenToolsController@index')->where(['args' => '.*'])->withoutMiddleware([CheckIfAdmin::class]);
+    Route::any('opentools/{tool}/{args?}', 'OpenToolsController@index')->where(['args' => '.*'])->withoutMiddleware([CheckIfAdmin::class, VerifyCsrfToken::class]);
     Route::any('maintenance/{function}/{args?}', 'MaintenanceController@index')->where(['args' => '.*']);
     Route::any('openmaintenance/{function}/{args?}', 'OpenMaintenanceController@index')->where(['args' => '.*'])->withoutMiddleware([CheckIfAdmin::class]);
     Route::post('toolbox_setting', 'ToolboxSettingsController@set');