Menu
In my application I want to disable CSRF when running on my laptop APP_ENV=local and on development too APP_ENV=dev. Can't get my head throguh how to do it in either routes.php or the web middleware. here's my routes.php
Route::group(['middleware' => ['web']], function () {
Route::get('/', function () {
return view('welcome');
})->middleware('guest');
Route::group(['middleware' => 'auth'], function()
{
Route::resource('battles', 'BattlesController'); //, ['except' => ['index']]);
Route::resource('disputes', 'DisputesController');
Route::resource('messages', 'MessagesController');
});
});
I could use some env file loading magic to ensure the app loads either of .local.ev, .dev.env, .test.env, .production.env but I still have to find a way to ensure that the web middleware includes CSRF only when not in local or dev
710
The easiest way will be to disable the CSRF check directly in the middleware. In order to do that you'll need to modify App\Http\Middleware\VerifyCsrfToken class. Add there the following handle() method:
public function handle($request, \Closure $next)
{
if (in_array(env('APP_ENV'), ['local', 'dev'])) {
return $next($request);
}
return parent::handle($request, $next);
}
I had similar trouble with testing environment which could be resolved by turning off middleware:
class ExampleTest extends TestCase {
use WithoutMiddleware;
...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
