If you do not want your route to require a valid CSRF token, you can add it to an exceptions list through code or the project's routing configuration file. Typically you would use this for any 3rd party post-back calls.
Code
To add a route to the exceptions list through code you need to add to the static VerifyCsrfToken::$exceptions array.
<?php
namespace Acme\MyModule;
use Aero\Common\Providers\ModuleServiceProvider;
use Aero\Store\Http\Middleware\VerifyCsrfToken;
class ServiceProvider extends ModuleServiceProvider
{
public function setup()
{
VerifyCsrfToken::$exceptions[] = '/my-route';
}
}
Configuration
The routing configuration file has a csrf_exceptions array where you can list routes for the exceptions list.
You can publish the routing configuration file with this command:
php artisan vendor:publish --provider="Aero\Routing\Providers\RoutingServiceProvider"
Once this file is published you can view it by navigating to config/aero/routing.php in your project. You can edit the csrf_exceptions array directly in this file.
You may need to clear the config cache for your changes to take effect.
php artisan config:clear