input('_token') && Session::token() != $request->header('X-Token')) { throw new TokenMismatchException; } return $next($request); } }