xxxxxxxxxx
//In laravel 7. Open file \App\Http\Middleware\VerifyCsrfToken.php
//Disable for all routes
protected $except = [
'*',
];
//Disable for some routes
protected $except = [
'mobile/*',
'news/articles',
];
//I searched for a long time how to disable CSRF completely,
//there are many identical examples but they do not help
xxxxxxxxxx
<meta name="csrf-token" content="{{ csrf_token() }}" />
<script type="text/javascript">
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
</script>
xxxxxxxxxx
//app/http/middleware/VerifyCsrfToken.php
protected $except = [ 'api/*'];
xxxxxxxxxx
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'stripe/*',
'http://example.com/foo/bar',
'http://example.com/foo/*',
];
}
xxxxxxxxxx
<form method="POST" action="/profile">
@csrf
<input name="name">
<button type="submit">send</button>
</form>
xxxxxxxxxx
Disable CSRF on few routes by editing.
App\Http\Middleware\VerifyCsrfToken.php
and add your own routes name in protected
$except = ['user/ProcessPayment'] array.