Before Laravel 5.5, Laravel used token-based CSRF protection by default to secure the application. In certain development scenarios, however, you may want to disable this protection to avoid unnecessary complexity. This can be done by modifying the Kernel.php file.
First, open the App\Http\Kernel.php file, find the $middlewareGroups property, and add the following entry to the web configuration array:
    protected $middlewareGroups = [
        'web' => [
            // ...
            App\Http\Middleware\VerifyCsrfToken::class => function ($request, $next) {
                return $next($request);
            },
        ],
    ];
By defining the VerifyCsrfToken::class entry as an anonymous function that simply passes the request on, you have disabled token-based CSRF protection.
If you only want to disable CSRF protection for certain routes, Laravel provides the csrf_exempt method, which disables CSRF protection for a specific route. For example:
    Route::post('/api/posts', [
        'middleware' => 'auth.basic',
        'uses'       => 'PostController@store',
    ])->csrf_exempt();
With this method, CSRF protection is disabled only for that route.
Lastly, you can disable the entire CSRF protection component by modifying the VerifyCsrfToken.php file, located in the App\Http\Middleware directory. Open the file and comment out the code in the handle method:
    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

    class VerifyCsrfToken extends Middleware
    {
        // URIs listed here are excluded from CSRF verification by the parent class.
        protected $except = [];

        public function handle($request, Closure $next)
        {
            // The parent's handle() performs the token check; bypassing it
            // disables CSRF verification for every request.
            // return parent::handle($request, $next);
            return $next($request);
        }
    }
By commenting out parent::handle($request, $next), you have disabled the entire CSRF protection component.
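As an added example (not code from the original page), the $except property in the listing above can carry the per-route exemption described earlier: only the URI that cannot send a token is listed, the handle method is left untouched, and every other state-changing request in the application keeps its CSRF check. The 'api/posts' entry mirrors the route from the earlier example; the commented wildcard is a constructed sample.

```php
<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * URIs excluded from CSRF verification.
     *
     * The parent handle() consults this list before checking the token,
     * so there is no need to override handle() at all. Patterns are
     * matched against the request path without a leading slash.
     */
    protected $except = [
        // The /api/posts route from the per-route section above.
        'api/posts',

        // Constructed sample: a wildcard limits the exemption to one
        // prefix instead of disabling verification for the whole app.
        // 'webhooks/*',
    ];
}
```

Because handle() is not overridden, POST, PUT, PATCH and DELETE requests to any URI not in $except are still rejected when the token is missing or wrong.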
Although disabling CSRF protection can solve certain issues during development, it introduces security risks. Proceed cautiously, make sure other security measures are in place, or disable it only in development environments. Always back up your code and consider other, more secure solutions where possible.