From 4e5fd80cef0b0a93cf397fbefaeb727d8d5f2e0c Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel <vincent@cubedesigners.com>
Date: Wed, 24 Aug 2022 15:30:13 +0200
Subject: [PATCH] wait #5414

---
 routes/web.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/routes/web.php b/routes/web.php
index 262847bb0..427b88619 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -3,6 +3,7 @@
 //Route::any('{page}/{subs?}',  'PageController@catchall')
 //    ->where(['page' => '^(((?=(?!admin))(?=(?!\/)).))*$', 'subs' => '.*']);
 use App\Http\Middleware\CheckIfAdmin;
+use App\Http\Middleware\VerifyCsrfToken;
 
 Route::group([
     'prefix' => config('backpack.base.route_prefix', 'admin'),
@@ -10,7 +11,7 @@ Route::group([
     'namespace' => '\App\Http\Controllers\Admin',
 ], function () { // custom admin routes
     Route::any('tools/{tool}/{args?}', 'ToolsController@index')->where(['args' => '.*']);
-    Route::any('opentools/{tool}/{args?}', 'OpenToolsController@index')->where(['args' => '.*'])->withoutMiddleware([CheckIfAdmin::class]);
+    Route::any('opentools/{tool}/{args?}', 'OpenToolsController@index')->where(['args' => '.*'])->withoutMiddleware([CheckIfAdmin::class, VerifyCsrfToken::class]);
     Route::any('maintenance/{function}/{args?}', 'MaintenanceController@index')->where(['args' => '.*']);
     Route::any('openmaintenance/{function}/{args?}', 'OpenMaintenanceController@index')->where(['args' => '.*'])->withoutMiddleware([CheckIfAdmin::class]);
     Route::post('toolbox_setting', 'ToolboxSettingsController@set');
-- 
2.39.5