Disable the CSRF token for laravel 5.2

0

In laravel 5.2 I want to disable CSRF on a route, since I am using pagseguro (michaeldouglas / laravel-pagseguro) and want to work with automatic return.

I have tried to add the route in the exception array in the App \ Http \ MiddlewareVerifyCsrfToken

<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier{
    protected $except = [
       'pagseguro/notification',
    ]; 
}

I have tried to delete and comment the VerifyCsrfToken in App \ Http \ kernel.php

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
       //\App\Http\Middleware\VerifyCsrfToken::class,
    ],

None of the methods worked, I keep getting the error below:

MethodNotAllowedHttpException in RouteCollection.php line 219
    
asked by anonymous 29.06.2016 / 21:46

2 answers

1

You're misunderstanding. The MethodNotAllowedHttpException exception is thrown when you attempt to access a POST route via GET method (or any other method, I'm just illustrating).

The exception that is thrown when the token is invalid, is TokenMismatchException .

So there's nothing wrong. The problem may be another one.

    
29.06.2016 / 22:25
2

The solution I am using in a restful api on the site I participate in:

I put the exceptions in the file:

app/Http/Middleware/VerifyCsrfToken.php

(all other routes are part of the site, ie "not restful")

Looking like this:

    <?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        "api",
        "api/user",
        "api/products",
        "api/whatever......",
    ];
}
    
03.08.2016 / 22:36