Laravel has CSRF enabled by default for all requests that come through your app. This is included and handled automatically to make life easier.
However, one issue that comes up is when you are using external services where you do not have the ability to set a token. An example of this is with web hooks from third parties.
What an awesome addition to Laravel