Laravel Disable CSRF Token Protection on Routes

Laravel disable CSRF token protection example. In this Laravel tutorial, we will learn how to disable CSRF token protection on all routes (web and api) and specific routes in laravel apps.

When we work with laravel apps and you face problems like laravel csrf token mismatch, laravel csrf token expiration time, csrf token mismatch laravel ajax, and remove csrf token in laravel form. So this tutorial will guide to step by step to remove csrf protection on all routes or specific routes in laravel apps.

How to Disable CSRF Token Protection on Routes in Laravel

Here, we will learn how to disable CSRF token protection on all routes (web and API) and specific routes as follow:

Laravel Disable CSRF Protection All Routes

To disable CSRF token protection on all(web, api & other) routes in laravel. So navigate to app\Http\Middleware and open VerifyCsrfToken.php file. Then update the routes, in which you want to disable CSRF protection.

Suppose you have the following routes in your laravel apps and want to disable CSRF protection all routes:

Route::post('route1', 'ExampleController@index1');
Route::post('route2', 'ExampleController@index2');
Route::post('route3', 'ExampleController@index3');

Next, Navigate to app/HTTP/and Open Kernal.php file. And remove or comment out this \App\Http\Middleware\VerifyCsrfToken::class line in app\Http\Kernel.php as follow:

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            //\App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

Laravel Disable CSRF Protection on Specific Routes

To disable CSRF protection on specific routes. So navigate to app\Http\Middleware and open VerifyCsrfToken.php file. Then update the routes, which you want to disable CSRF protection.

Suppose you have following routes into your laravel apps and want to disable CSRF protection all routes:

Route::post('route1', 'ExampleController@index1');
Route::post('route2', 'ExampleController@index2');
Route::post('route3', 'ExampleController@index3');

Next, Navigate to app/HTTP/Middleware and Open VerifyCsrfToken.php file. Then update the following routes into VerifyCsrfToken.php file in your laravel apps as follow:

<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = ['route1', 'route2'];
}

Conclusion

In this tutorial, we have learned how to disable csrf token protection for all routes or specific routes in laravel apps.

Recommended Laravel Tutorials