Laravel: Exclude a Dynamic Route From CSRF Protection
Leonel Elimpe
by Leonel Elimpe
~1 min read

Tags

  • Laravel
  • CSRF

Let’s say you have the following dynamic web route and would like to exclude it from csrf protection in your Laravel application:

Route::post('access-points/{access_point}/airtime-requests', 'AccessPointAirtimeRequestController');

In your app/Http/Middleware/VerifyCsrfToken.php file, add the following to the $except array to exclude the above route:

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'access-points/*/airtime-requests', // <--- ADD THIS
    ];

This has worked for me, hope it does for you too 🙂.