Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/17329952/

Time: 2020-09-14 08:01:57  Source: igfitidea

Laravel 4 CSRF on all POST requests

php laravel csrf

Asked by Dexty

Been looking into Laravel lately, and trying to figure out the CSRF protection that they have. However, I can't get it to work. Is there any way I can validate all POST requests submitted with the CSRF filter? I've seen that the Laravel system has:

App::before(function($request)
{
    //
});

How would I be able to use this with the CSRF filter? Been trying a few different things like

App::before(function($request)
{
    Route::filter('csrf','post');
});

But I'm probably way off here. How would this work? Or is it even possible to do it this way?

Answered by Rafał Walczak

This is the best and the simplest solution:

Route::when('*', 'csrf', array('post'));

No need to group routes or to mess with constructors.

Answered by Blessing

You can use route groups. This will apply the specified options to any routes defined in a group:

Route::group(array('before' => 'csrf'), function()
{
    Route::post('/', function()
    {
        // Has CSRF Filter
    });

    Route::post('user/profile', function()
    {
        // Has CSRF Filter
    });

    // Route::post(....);
});

For certain routes, or if grouping isn't what you want, you can also use a pattern filter:

//all routes beginning with admin, sent via a post http request will use the csrf filter
Route::when('admin/*', 'csrf', array('post'));

NOTE: this code would go in your routes.php file

Answered by ux.engineer

In my BaseController I have this:

public function __construct()
{
    $this->beforeFilter('csrf', array('on' => array('post', 'delete', 'put')));
    $this->beforeFilter('ajax', array('on' => array('delete', 'put')));
}

Having such an App::before filter is an interesting approach, but I don't know which is better.

Answered by Nancho

For some reason putting

$this->beforeFilter('csrf', array('on' => array('post', 'delete', 'put')));

into BaseController.php didn't work for me; I did the test with fake tokens. So I came up with the following solution:

routes.php:

Route::group(array('before' => 'csrf'), function() {
    Route::resource('areas', 'AreaController');
    Route::resource('usuarios', 'UsuarioController');
    // ... more stuff
});

filters.php (csrf filter section):

Route::filter('csrf', function()
{
    if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
        // Strict comparison so PHP type juggling cannot make two different tokens compare equal
        if (Session::token() !== Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    }
});

That did the trick for me.

Answered by Laurence

This will allow you to apply CSRF to all forms across all pages of your app

App::before(function($request)
{
    if ($request->getMethod() === 'POST') {
        Route::callRouteFilter('csrf', [], '', $request);
    }
});

Note: 'post' is the HTTP POST verb - so it will cover Laravel post, put, delete requests etc.

Answered by Victor

Simply add this to the BaseController.

// Be sure to call parent::__construct() when needed
public function __construct()
{
    // Perform CSRF check on all post/put/patch/delete requests
    $this->beforeFilter('csrf', array('on' => array('post', 'put', 'patch', 'delete')));
}

This adds the CSRF filter to all post, put, patch and delete requests.

Answered by Half Crazed

The code you provided only creates the filter. You still need to use it in either your ROUTER or CONTROLLER (even in the basecontroller if need be).

In my opinion, using the filter in your ROUTES is the best place to use it.
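
The following is an added example, not code from the question or any of the answers above. It combines the `csrf` filter and the `Route::when` pattern shown on this page into one `filters.php` fragment that covers every state-changing verb and compares tokens in constant time. The helper `csrfTokensMatch` and the `X-CSRF-Token` header name are assumptions of this example.

```php
<?php
// app/filters.php (Laravel 4). Added example, not the framework's stock filter.

use Illuminate\Session\TokenMismatchException;

// Hypothetical helper: constant-time token comparison.
// hash_equals() only exists from PHP 5.6, so older runtimes use the XOR loop.
function csrfTokensMatch($expected, $supplied)
{
    // A missing session token, missing input, or an array sent as
    // _token[]=... must never be treated as a match.
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $supplied);
    }
    if (strlen($expected) !== strlen($supplied)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($expected); $i < $n; $i++) {
        $diff |= ord($expected[$i]) ^ ord($supplied[$i]);
    }
    return $diff === 0;
}

Route::filter('csrf', function()
{
    // Forms carry the token in the _token field. For AJAX calls this example
    // also accepts an X-CSRF-Token header (assumed name; the client must send it).
    $supplied = Input::get('_token') ?: Request::header('X-CSRF-Token');

    if (!csrfTokensMatch(Session::token(), $supplied)) {
        throw new TokenMismatchException;
    }
});

// Attach the filter to every URI for every state-changing verb, so PUT,
// PATCH and DELETE routes are checked as well as POST.
Route::when('*', 'csrf', array('post', 'put', 'patch', 'delete'));
```

Because the filter itself no longer inspects the request method, the verb list passed to `Route::when` is the single place that decides which requests are checked.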
