How to disable CSRF Token in Laravel and why we have to disable it?

前端未结

关注

 7  1311

I want to see how I can disable CSRF token in Laravel and where I have to disable it. Is this good to disable it or not?

相关标签:

7条回答

闹比i

2020-11-30 06:55
(Temporary fix. Not Recommended)

Just Open kernel.php (app/http) and disable
```
App\Http\Middleware\VerifyCsrfToken::class,
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
一生所求

2020-11-30 06:58

You can disable it in app/http/Kernel.php in the web middleware group.

Is this good to disable it or not?

No it's not. Read the Wikipedia page about CSRF to understand what CSRF is, the CSRF-Token prevents CSRF.

0 讨论(0)
发布评论:

提交评论
- 加载中...
生来不讨喜

2020-11-30 06:58
In laravel 7. Open file \App\Http\Middleware\VerifyCsrfToken.php

Disable for all routes
```
protected $except = [
    '*',
];
```
Disable for some routes
```
 protected $except = [
    'mobile/*',
    'news/articles',
];
```
I searched for a long time how to disable CSRF completely, there are many identical examples but they do not help
0 讨论(0)
发布评论:

提交评论
- 加载中...
南旧

2020-11-30 07:00
Hi just go to app/Http/Kernel.php file simply commented out line no 31
```
// \App\Http\Middleware\VerifyCsrfToken::class,
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
礼貌的吻别

2020-11-30 07:02
Many people explain how to do it, but they do not explain what the url should look like.

edit app/Http/Middleware/VerifyCsrfToken.php
```
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '/user/my_function'
    ];
}
```
In the $except array(); we add a url with just a simple string. This points to a controller usually depending on how your route is setup.

For example I have a UserController.php file in my Controller folder. I have a route like. In the web.php routes file.
```
Route::post('/user', 'UserController@my_function')->name('my_function');
```
Also alternatively, if you came to this question simply because you don't know how to use the CSRF and you don't actually need to disable it, or make the URL except. You can use this method.

Add these lines to your app.blade.php if it is used for ajax related calls.
```
<script>
$(function() {
    $.ajaxSetup({
        headers: {
        'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
        }
    });
});
</script>
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
栀梦

2020-11-30 07:16
You can Disable CSRF on few routes by editing.
```
App\Http\Middleware\VerifyCsrfToken 
```
and add your own routes name in protected
```
$except = [] array.
```
It does not seems to be good practice as by doing this we are removing security feature of Laravel.
0 讨论(0)
发布评论:

提交评论
- 加载中...

1 2 下一页