How do I add a route to the CSRF exception list?

If you do not want your route to require a valid CSRF token, you can add it to an exceptions list through code or the project's routing configuration file. Typically you would use this for any 3rd party post-back calls.

 

Code

To add a route to the exceptions list through code you need to add to the static VerifyCsrfToken::$exceptions array.

<?php

namespace Acme\MyModule;

use Aero\Common\Providers\ModuleServiceProvider;
use Aero\Store\Http\Middleware\VerifyCsrfToken;

class ServiceProvider extends ModuleServiceProvider
{
   public function setup()
   {
       VerifyCsrfToken::$exceptions[] = '/my-route';
   }
}

 

Configuration

The routing configuration file has a csrf_exceptions array where you can list routes for the exceptions list.

You can publish the routing configuration file with this command:

php artisan vendor:publish --provider="Aero\Routing\Providers\RoutingServiceProvider"

Once this file is published you can view it by navigating to config/aero/routing.php in your project. You can edit the csrf_exceptions array directly in this file.

You may need to clear the config cache for your changes to take effect.

php artisan config:clear

Articles in this section

Was this article helpful?
0 out of 0 found this helpful