Menu
It seems that Laravel 5 by default applies the CSRF filter to all non-get requests. This is OK for a form POST, but might be a problem to an API that POSTs DELETEs etc.
Simple Question:
How can I set a POST route with no CSRF protection?
707
A: You can disable CSRF Laravel from the App/Http/Kernel. php file by removing App\Http\Middleware\VerifyCsrfToken from the $middleware array.
The process The easiest way to submit a form without CSRF is to exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware. First you have to go to the App\Http\Middleware\VerifyCsrfToken.
Add a new middleware layer Update the $middlewareGroups property, and add a middle entry for 'payment'. It can be exactly the same as web , but without the VerifyCsrfToken line. Now whenever you add new routes that need to be excluded from the CSRF Token check, add them to the routes/payment.
The CSRF token is required for any later REST API calls. The client must send a valid token with every API request. The token is sent in a custom request HTTP header.
You can exclude URIs from CSRF by simply adding them to the $except property of the VerifyCsrfToken middleware (app/Http/Middleware/VerifyCsrfToken.php):
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'api/*',
];
}
Documentation: http://laravel.com/docs/5.1/routing#csrf-protection
125
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
