Laravel 5: POST without CSRF checking

Question

It seems that Laravel 5 by default applies the CSRF filter to all non-get requests. This is OK for a form POST, but might be a problem to an API that POSTs DELETEs etc.

Answer 1

You can exclude URIs from CSRF by simply adding them to the $except property of the VerifyCsrfToken middleware (app/Http/Middleware/VerifyCsrfToken.php):

Documentation: http://laravel.com/docs/5.1/routing#csrf-protection