Laravel: Exclude a Dynamic Route From CSRF Protection
Leonel Elimpe
by Leonel Elimpe
~1 min read


  • CSRF
  • Laravel

Let’s say you have the following dynamic web route and would like to exclude it from csrf protection in your Laravel application:

Route::post('access-points/{access_point}/airtime-requests', 'AccessPointAirtimeRequestController');

In your app/Http/Middleware/VerifyCsrfToken.php file, add the following to the $except array to exclude the above route:

     * The URIs that should be excluded from CSRF verification.
     * @var array
    protected $except = [
        'access-points/*/airtime-requests', // <--- ADD THIS

This has worked for me, hope it does for you too 🙂.