From 97958fb008a6a80de0543120c9919749ba104043 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Lam=C3=A9?=
Date: Sun, 20 Dec 2020 23:32:42 +0100
Subject: [PATCH] Fix DecryptException with invalid X-XSRF-TOKEN (#35671)

---
 .../Foundation/Http/Middleware/VerifyCsrfToken.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
index 6a1f028f9ce8..59483200e4d0 100644
--- a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
+++ b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -3,6 +3,7 @@
 namespace Illuminate\Foundation\Http\Middleware;
 
 use Closure;
+use Illuminate\Contracts\Encryption\DecryptException;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Contracts\Support\Responsable;
@@ -152,7 +153,11 @@ protected function getTokenFromRequest($request)
         $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
 
         if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
-            $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
+            try {
+                $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized()));
+            } catch (DecryptException $e) {
+                $token = '';
+            }
         }
 
         return $token;
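Review bot: The new `catch (DecryptException $e)` branch in getTokenFromRequest silently downgrades an undecryptable X-XSRF-TOKEN to an empty token with no comment explaining the intent, and a later reader may mistake it for swallowing an error. Add a why-comment above `$token = '';` such as `// A header that fails MAC/decryption (tampered, or encrypted under a rotated APP_KEY) is treated as no token: the request then fails the token comparison instead of surfacing a 500.` — the downstream rejection is inferred from the empty return value, so confirm it against tokensMatch() before wording it as fact. Since the caught exception is never used, the variable can be dropped (`catch (DecryptException)`) once the framework's minimum PHP version is 8.0; on 7.x it must stay. The enclosing method's docblock and closing brace are outside this hunk.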