In Laravel 5, How to disable VerifycsrfToken middleware for specific route?
In Laravel 5 this has chagned a bit. Now you can simply add the routes you want to exclude from csrftoken verification, in $except
array of the class
'VerifyCsrfToken' (\app\Http\Middleware\VerifyCsrfToken.php):
class VerifyCsrfToken extends BaseVerifier{ protected $except = [ // Place your URIs here ];}
Examples:
1. If you are using a route group:
Route::group(array('prefix' => 'api/v2'), function(){ Route::post('users/valid','UsersController@valid');});
Your $except
array looks like:
protected $except = ['api/v2/users/valid'];
2. If you are using a simple route
Route::post('users/valid','UsersController@valid');
Your $except
array looks like:
protected $except = ['users/valid'];
3. If you want to exclude all routes under main route (users in this case)
Your $except
array looks like:
protected $except = ['users/*'];
see: http://laravel.com/docs/master/routing#csrf-excluding-uris
CSRF is enabled by default on all Routes in Laravel 5, you can disable it for specific routes by modifying app/Http/Middleware/VerifyCsrfToken.php
//app/Http/Middleware/VerifyCsrfToken.php//add an array of Routes to skip CSRF checkprivate $openRoutes = ['free/route', 'free/too'];//modify this functionpublic function handle($request, Closure $next) { //add this condition foreach($this->openRoutes as $route) { if ($request->is($route)) { return $next($request); } } return parent::handle($request, $next); }