Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

laravel VerifyCsrfToken excepts url with wildcard?

Tags:

php

middleware

api

laravel-5.4

laravel-middleware

I try to build my own API. I begin so my only model for the moment will be a "User". Here is how I would like to call my API :

HTTP/POST http://example.com/api/user/         # get all the users
HTTP/POST http://example.com/api/user/1        # get the user with id "1"
HTTP/POST http://example.com/api/user/1/delete # delete the user with id "1"
...

So my file routes/web.php looks like this :

<?php    
    Route::group(['prefix' => 'api'], function() {

        Route::group(['prefix' => 'user'], function() {
            Route::post('/', 'ApiController@allUsers');
        });
    });
?>

But it will not works as I do not pass throught Route::resource static method, but with regular Route::post method. So the issue is that VerifyCsrfToken middleware will trigger and try to check for my CSRF token, but as I want my api to be consume in the future by many other advice I prefer to use my own secure system (which will be a public-private key pairs, but now I just want to check for the integrity of the data I distribute through the api, and I will then set the secure algorithm).

The good news is that Laravel is so clean and let you add your exceptions URL in the VerifyCSRFToken array which is shaped like this :

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'api/user',
        'api/user/{howCanIManageTheWildCard}',
        'api/user/{howCanIManageTheWildCard}/delete',
        ...
    ];
}

?>

Question :

You see on the middleware above I have 2 issues :

  1. I will have to set manually all my routes (which at the end can be long)
  2. I do not know if the middleware will be able to handle any wildcard

So can I come with a solution wich could let me do a url wildcard like api/* ? Like this it would be so much easier !

like image 966
Anwar Avatar asked Mar 09 '23 14:03

Anwar

1 Answers

You can exclude URLs with /*

Eg. instead of api/user you can use api/user/*

read here

Just a suggestion

since you are building an API using laravel you can put all your API routes in api.php routes file instead of web.php routes file, In that case you will not have to pass CSRF Token for post request on API routes. And all the API routes will be like example.com/api/<route> by default, you will not have to group it. you can read more about Laravel routing here

happy to help :):):)

like image 89
Akshay Khale Avatar answered Mar 20 '23 16:03

Akshay Khale
Sign in to Comment

Related questions

Why created_at updated_at are null on insertion
Adding Foreign Key using Phinx
Deployer - Fatal error: Call to undefined function server()
Undefined property in model
Adding user custom field value to order items details
How to set a Json response in suave webpart
Laravel Migration table not created
Create Time slot for booking
How to query NOT NULL with Doctrine 2?
Visual Studio Code - Xdebug won't work
php Curl 405 Not allowed
Disable checkout page for not logged in users
homebrew -- Image Magick throwing version error when executing Php
Laravel 5 - How to use union in more than two tables/queries with Query Builder or Eloquent?
How to create the conditions on the model of eloquent? (Laravel 5.3)
How to retrieve Parse.com User details in php
Laravel DB transactions with multiple commits?
Get unique Session id in codeigniter
MongoDB remove() method is undefined with PHP [closed]
How to add Variations tab in custom product type in Woocommerce?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!