Add middleware

app/Http/Kernel.php

@@ -29,5 +29,6 @@ class Kernel extends HttpKernel
         'auth' => \App\Http\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'csrf' => \App\Http\Middleware\VerifyCsrfHeader::class,
     ];
 }

app/Http/Middleware/Authenticate.php

@@ -17,8 +17,7 @@ class Authenticate
     /**
      * Create a new filter instance.
      *
-     * @param  Guard  $auth
-     * @return void
+     * @param  Guard $auth
      */
     public function __construct(Guard $auth)
     {
@@ -28,18 +27,14 @@ class Authenticate
     /**
      * Handle an incoming request.
      *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  \Closure  $next
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
      * @return mixed
      */
     public function handle($request, Closure $next)
     {
         if ($this->auth->guest()) {
-            if ($request->ajax()) {
-                return response('Unauthorized.', 401);
-            } else {
-                return redirect()->guest('auth/login');
-            }
+            return redirect()->guest('login');
         }
 
         return $next($request);

app/Http/Middleware/VerifyCsrfHeader.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Session\TokenMismatchException;
+use Session;
+
+class VerifyCsrfHeader
+{
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     * @return mixed
+     * @throws TokenMismatchException
+     */
+    public function handle($request, Closure $next)
+    {
+        if (Session::token() != $request->input('_token') && Session::token() != $request->header('X-Token')) {
+            throw new TokenMismatchException;
+        }
+
+        return $next($request);
+    }
+}