How to disable CSRF Token in Laravel and why we have to disable it?

Question

I want to see how I can disable CSRF token in Laravel and where I have to disable it. Is this good to disable it or not?

Answer 1

The CSRF token protects your application and it's users against cross-site request forgery. For more information on that, have a read here:

https://en.wikipedia.org/wiki/Cross-site_request_forgery

The token is validated via Middleware in Laravel. If you take a look at the file app/Http/Middleware/VerifyCsrfToken.php, you will see it gives you the option to add URLs that should be exempt from CSRF verification.

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
    ];
}

If you want to disable it entirely, you can find it in the Middleware group named web in app/Http/Kernel.php. Those are the middlewares that fire by default over HTTP requests.

I wouldn't recommend disabling it where possible though.