I am hoping to disable CSRF verification tokens for a specific domain. For example, my EC2 instances. This is so that I can run live-cross browser testing on my EC2 instance without any issues.
I've found a lot of info on updating the VerifyCsrfToken in the middleware directory for specific routes within the app, but nothing on how to check the host or domain. I can use /* in my protected URIs.
class VerifyCsrfToken extends BaseVerifier
{
    /**
    * The URIs that should be excluded from CSRF verification.
    *
    * @var array
    */
    protected $except = [
        '/*'
    ];
}
However, for obvious reasons, I would prefer not to use this approach.
I am using a standard Laravel 5.3 setup, so have usual middleware files that come with this framework in use.
Any help would be appreciated!
You could check the host used to make a request in the CSRF middleware and act accordingly. Add the following in your VerifyCsrfToken class:
public function handle($request, Closure $next)
{
    if ($request->getHost() == 'some.host.without.csrf.protection') {
        // skip CSRF check
        return $next($request);
    }
    return parent::handle($request, $next);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With