Disable CSRF TokenMismatch for specific routes on Lumen

- 1 answer

Ad

I'm using Lumen Framework.

I have an external program who send a HTTP POST request every 2 minutes.

I don't need any views, so I would like to understand how disable CSRF TokenMismatch in Lumen for specific routes (I need it to be activated on some others) ?

Ad

Answer

Ad

You could extend the VerifyCsrfToken class and add your routes to the excludes list.

Add this file called VerifyCsrfToken.php to app/Http/Middleware:

<?php namespace App\Http\Middleware;

use Closure;
use Illuminate\Session\TokenMismatchException;

class VerifyCsrfToken extends \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken {

    protected $except_urls = [
        // your excluded URLs go here
        'example/route',
    ];

    public function handle($request, Closure $next)
    {
        $regex = '#' . implode('|', $this->except_urls) . '#';

        if ($this->isReading($request) || $this->tokensMatch($request) || preg_match($regex, $request->path()))
        {
            return $this->addCookieToResponse($request, $next($request));
        }

        throw new TokenMismatchException;
    }

}

Then add the Middleware to the bootstrap/app.php file. You have to uncomment $app->middleware() then add it to it like this:

$app->routeMiddleware([
'csrf' => 'Laravel\Lumen\Http\Middleware\VerifyCsrfToken',
]);
Ad
source: stackoverflow.com
Ad