How to Exclude Route from CSRF Middleware in Laravel? (ok)

https://www.itsolutionstuff.com/post/how-to-exclude-route-from-csrf-middleware-in-laravelexample.html

C:\xampp\htdocs\reset\routes\web.php

<?php
use App\Http\Controllers\PostController;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
 */
Route::get('/', function () {
  return view('form');
});
Route::post('/posts/store', [PostController::class, 'store']);

C:\xampp\htdocs\reset\app\Http\Controllers\PostController.php

<?php
namespace App\Http\Controllers;
use App\Models\Post;
use Illuminate\Http\Request;
class PostController extends Controller {
  /**
   * Display a listing of the resource.
   *
   * @return \Illuminate\Http\Response
   */
  public function index() {
    return view("form");
  }
  public function store(Request $request) {
    $post = new Post();
    $post::create($request->all());
  }
}

C:\xampp\htdocs\reset\resources\views\form.blade.php

@extends('layouts.app')
@section('content')
<div class="container">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card">
                <div class="card-header">{{ __('Dashboard') }}</div>
                <div class="card-body">
                    @if (session('status'))
                        <div class="alert alert-success" role="alert">
                            {{ session('status') }}
                        </div>
                    @endif
                    <form action="{{ url('/posts/store') }}" method="POST">
                        <input type="text" name="name">
                        <input type="submit" name="Submit">
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection

C:\xampp\htdocs\reset\app\Models\Post.php

<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class Post extends Model {
  use HasFactory;
  protected $fillable = [
    'name',
  ];
}

C:\xampp\htdocs\reset\database\migrations\2022_05_19_175943_create_posts_table.php

<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class CreatePostsTable extends Migration {
  /**
   * Run the migrations.
   *
   * @return void
   */
  public function up() {
    Schema::create('posts', function (Blueprint $table) {
      $table->id();
      $table->string("name");
      $table->timestamps();
    });
  }
  /**
   * Reverse the migrations.
   *
   * @return void
   */
  public function down() {
    Schema::dropIfExists('posts');
  }
}

C:\xampp\htdocs\reset\app\Http\Middleware\VerifyCsrfToken.php

<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware {
  /**
   * Indicates whether the XSRF-TOKEN cookie should be set on the response.
   *
   * @var bool
   */
  protected $addHttpCookie = true;
  /**
   * The URIs that should be excluded from CSRF verification.
   *
   * @var array<int, string>
   */
  protected $except = [
    'posts/store'
  ];
}

Nếu không dùng 'posts/store' trong file C:\xampp\htdocs\reset\app\Http\Middleware\VerifyCsrfToken.php ta sẽ gặp lỗi như hình sau muốn không lỗ như trên thì chúng ta têm @csrf vào form của file C:\xampp\htdocs\reset\resources\views\form.blade.php

How to Exclude Route from CSRF Middleware in Laravel?

By Hardik Savani January 21, 2020 Category : LaravelPlayUnmuteLoaded: 1.17%FullscreenIn this article, i will let you know about how to laravel disable csrf for route or how to laravel ignore csrf for route. So basically we will exclude route from middleware in laravel application. this solution will helps to use in laravel 5, laravel 6, laravel 7, laravel 8 and laravel 9.

Laravel provide CSRF for secure request with CSRF token. CSRF is default enable to all post type routes. but if you want to disable for specific route then you can do it easily.

Sometime we need to ignore some route for csrf middleware in our laravel application. as my experience, when i was working on twilio api and i need to create callback url with post method. so i was always fail to execute that url because of csrf token but when i found solution of how to disable csrf for some routes then solve by adding routes in VerifyCsrfToken middleware.

VerifyCsrfToken middleware will have $except array variable there you can easily add your url and ignore from csrf token verification. so you can add as like bellow:

Bellow example i added two url 'sms/callback' and 'posts/store' for ignoring csrf token verify, as bellow.

app/Http/Middleware/VerifyCsrfToken.php

<?php  namespace App\Http\Middleware;  use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;  class VerifyCsrfToken extends Middleware{    /**     * Indicates whether the XSRF-TOKEN cookie should be set on the response.     *     * @var bool     */    protected $addHttpCookie = true;       /**      * The URIs that should be excluded from CSRF verification.     *     * @var array     */    protected $except = [        'sms/callback',        'posts/store'    ];}

Your route will be like as bellow:

Route::post('/sms/callback', 'SMSController@callback');Route::post('/posts/store', 'PostController@callback');

You can use this url on any api or on your blade file. now you can call this post url without passing csrf token as like bellow:

Read Also: Laravel Collection Filter Method Example

<form action="{{ url('/posts/store') }}" method="POST">    <input type="text" name="name">       <input type="submit" name="Submit"></form>

I hope it can help you...