Disable required CSRF in POST method in selected route

Question

I have 4 router, where I need disable required CSRF in post (payments).

Route::post('createPayment', 'DotpayController@createPayment')->name('frontend.dotpay.createPayment');
Route::post('paymentConfirmation', 'DotpayController@paymentConfirmation')->name('frontend.paymentConfirmation');
Route::match(['POST', 'GET'], 'paymentConfirmationSplash', 'DotpayController@paymentConfirmationSplash')->name('frontend.paymentConfirmationSplash');
Route::get('/paymentStatus', 'DotpayController@paymentStatus')->name('frontend.paymentStatus')

How can I make it?

Answer 1

exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'createPayment',
        'paymentConfirmation',
        'paymentConfirmationSplash',
        
    ];
}

Answer 2

VerifyCsrfToken middleware allows to specify routes that are excluded from CSRF validation. app/Http/Middleware/VerifyCsrfToken.php edit the except array to exclude some routes

protected $except = [
    'createPayment',
    'paymentConfirmation'
];

Answer 3

You need to add the routes to $except array in your App\Http\Middleware\VerifyCsrfToken.php class:

<?php namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
  protected $except = [
    'createPayment/*',
    'paymentConfirmation/',
  ];
}