Disable the CSRF token of the Standard 5.2

Asked

Viewed 1,924 times

0

In Laravel 5.2 I want to disable CSRF on a route, because I am using the pagseguro (michaeldouglas/Laravel-pagseguro) and I want to work with the automatic return.

I have tried adding the route in the exception array in the Middlewareverifycsrftoken Http App file

<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier{
    protected $except = [
       'pagseguro/notification',
    ]; 
}

I’ve tried deleting and commenting on Verifycsrftoken in the App Http kernel.php

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
       //\App\Http\Middleware\VerifyCsrfToken::class,
    ],

None of the methods worked, I keep getting the error below:

MethodNotAllowedHttpException in RouteCollection.php line 219
  • 1

    Is it not because of the space in protected $except = [&#xA; ' pagseguro/notification',&#xA; ]; ? This error does not seem to be the token, I think the token being would be something like tokenmissmatch exception...

  • This was a typo, the file was without space. I have changed here too, but nothing to work yet.

  • Do not exclude in kernel. In let only in middleware except

  • I think the error doesn’t even have to do with the token. I just tested with the route I don’t want in the middleware and ran 5 stars. I think on the routes may be shuffling post/get on this route

  • It was the first thing I did and did not roll, after I tried to comment the Verifycsrftoken tb did not roll, I tried to delete the Verifycsrftoken tb was not.

  • I created another test route just for that and it was not, I will try to install the zeroed and test.

  • very strange. it worked for me.. And all the articles I read say it’s like this

Show 2 more comments

2 answers

3

The solution I’m using in a restful api on the site I participate in:

I put the exception routes in the file:

app/Http/Middleware/VerifyCsrfToken.php

(all other routes are part of the site, ie, "no restful")

Thus remaining:

    <?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        "api",
        "api/user",
        "api/products",
        "api/whatever......",
    ];
}
  • It worked for me. But you can inform the route instead of the URI?

  • There’s how I love this stackoverflow! <3

1


You’re getting it wrong. The exception MethodNotAllowedHttpException is fired when you try to access a route POST via method GET (or any other method, I’m just exemplifying).

The exception that is triggered when the token is invalid, is TokenMismatchException.

So there’s nothing wrong. Maybe the problem is another.

  • Wallace Maxters in fact the problem in the control Platform Laravel5 Notifitioncontroller@notification I directed to another control I created for testing and it worked.

  • Great explanation about the different types of Exception, this is a detail we always have to note.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.