security: cross-site request forgery

resources/js/bootstrap.js

@@ -26,8 +26,10 @@ $.ajaxSetup({
  */
 
 window.axios = require('axios');
-
-window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
+window.axios.defaults.headers.common = {
+    'X-Requested-With': 'XMLHttpRequest',
+    'X-CSRF-TOKEN' : document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+};
 
 /**
  * Next we will register the CSRF Token as a common header with Axios so that

resources/js/components/chat/ChatMessages.vue

@@ -126,7 +126,7 @@ export default {
         },
         editMessage(message) {},
         deleteMessage(id) {
-            axios.get(`/api/chat/message/${id}/delete`);
+            axios.post(`/api/chat/message/${id}/delete`);
         },
         userStyles(user) {
             return `cursor: pointer; color: ${user.group.color}; background-image: ${user.group.effect};`;

resources/js/components/chat/ChatPms.vue

@@ -46,7 +46,7 @@ export default {
         },
         editMessage(pm) {},
         deleteMessage(id) {
-            axios.get(`/api/chat/message/${id}/delete`);
+            axios.post(`/api/chat/message/${id}/delete`);
         },
         userStyles(user) {
             return `cursor: pointer; color: ${user.group.color}; background-image: ${user.group.effect};`;

routes/vue.php

@@ -47,7 +47,7 @@
 
         /* Messages */
         Route::post('/messages', [App\Http\Controllers\API\ChatController::class, 'createMessage']);
-        Route::get('/message/{id}/delete', [App\Http\Controllers\API\ChatController::class, 'deleteMessage']);
+        Route::post('/message/{id}/delete', [App\Http\Controllers\API\ChatController::class, 'deleteMessage']);
         Route::get('/messages/{room_id}', [App\Http\Controllers\API\ChatController::class, 'messages']);
 
         /* Private Stuff */