disable csrf for unprotect method post, put and delete in laravel 5

Question

in laravel 4 not use csrf protect method (POST, PUT and DELETE) is default but in larave 5 use csrf to protect post, put and delete method from injection code is default is default. this protection is no problem for form but it have problem for build api rest.

so help me to show how to disable csrf unprotect method ( POST, PUT and DELETE) for build api rest in laravel 5. thanks

Answer 1

go to app->http->kernel

open kernel file:

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
  //  \App\Http\Middleware\VerifyCsrfToken::class, // this is the csrf token, just disable using '//'
];

Answer 2

If your concern is just for /api/* routes, you can follow my answer here on Stack Overflow

HOpe this helps you to get clean and short code.

Answer 3

It is a method from here and I have tested that it should be okay.

In short, to disable csrf in particular pages, just change the app/Http/Middleware/VerifyCsrfToken.php to something like this:

public function handle($request, Closure $next)
    {
        //disable CSRF check on following routes
        $skip = array(
                    'user/path/xys',
                    'user/profile',
                    'my/unprotected/route'
                    );

        foreach ($skip as $key => $route) {
            //skip csrf check on route
            if($request->is($route)){
                return parent::addCookieToResponse($request, $next($request));
            }
        }

        return parent::handle($request, $next);
    }