PHPackages                             brunoabpinto/csrf-refresh - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. brunoabpinto/csrf-refresh

ActiveLibrary[Security](/categories/security)

brunoabpinto/csrf-refresh
=========================

Automatic CSRF token refresh for Laravel applications to prevent token expiration on long-lived pages

v1.0.0(5mo ago)0121[1 issues](https://github.com/brunoabpinto/csrf-refresh/issues)MITPHPPHP ^8.1

Since Jan 22Pushed 5mo agoCompare

[ Source](https://github.com/brunoabpinto/csrf-refresh)[ Packagist](https://packagist.org/packages/brunoabpinto/csrf-refresh)[ Docs](https://github.com/brunoabpinto/csrf-refresh)[ RSS](/packages/brunoabpinto-csrf-refresh/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (1)Versions (2)Used By (0)

CSRF Refresh for Laravel
========================

[](#csrf-refresh-for-laravel)

Automatic CSRF token refresh for Laravel applications to prevent token expiration on long-lived pages.

Installation
------------

[](#installation)

Install the package via Composer:

```
composer require brunoabpinto/csrf-refresh
```

The package will automatically register its service provider via Laravel's package auto-discovery.

Usage
-----

[](#usage)

Add the `@csrfRefresh` Blade directive to your layout file, typically in the `` section or before the closing `` tag:

```

    @csrfRefresh

```

How It Works
------------

[](#how-it-works)

1. The package registers a route at `/csrf-token/refresh` that returns a fresh CSRF token
2. A JavaScript file is automatically published to `public/vendor/csrf-refresh/`
3. The script periodically fetches a new CSRF token and updates the `` element
4. The refresh interval is calculated based on your session lifetime configuration (refreshes 50 seconds before expiration)

Publishing Assets
-----------------

[](#publishing-assets)

The JavaScript file is automatically published on first boot. To manually update the assets after a package update:

```
php artisan vendor:publish --tag=csrf-refresh-assets --force
```

Requirements
------------

[](#requirements)

- PHP 8.1 or higher
- Laravel 10.x or 11.x

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE) for more information.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance71

Regular maintenance activity

Popularity8

Limited adoption so far

Community4

Small or concentrated contributor base

Maturity43

Maturing project, gaining track record

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

163d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/13052361?v=4)[Bruno Pinto](/maintainers/brunoabpinto)[@brunoabpinto](https://github.com/brunoabpinto)

---

Tags

laravelsecuritytokensessioncsrfrefresh

### Embed Badge

![Health badge](/badges/brunoabpinto-csrf-refresh/health.svg)

```
[![Health](https://phpackages.com/badges/brunoabpinto-csrf-refresh/health.svg)](https://phpackages.com/packages/brunoabpinto-csrf-refresh)
```

###  Alternatives

[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

86611.1M25](/packages/spatie-laravel-csp)[dgtlss/warden

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

9062.1k](/packages/dgtlss-warden)[laravel-chronicle/core

Tamper-evident audit ledger for Laravel applications.

1213.2k3](/packages/laravel-chronicle-core)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
