0 Best Reply Awards

  • Member Since 3 Years Ago
  • 46 Lessons Completed
  • 0 Favorites

19th October, 2015

rakmaster left a reply on [L5] Disable CSRF Middleware On Certain Routes • 2 years ago

That actually doesn't work. If you use the "except" variable and insert a member into the array, all Laravel will do is attempt to insert the token it finds in the session into the current request, then pass that request on. If there never was a token in the session, the request still fails.

I learned this when I installed Sleeping-Owl admin. I'm running a site where there is a user's area and an admin area. All of the user's area is secured by csrf. The admin is secured by sleeping-owl. If I try to upload a file while logged in as an admin (having never logged in as a user) the route fails no matter what. If I log into both the admin, and the front side the upload works fine. It had me confused until I spent an hour walking through every single step of the attempt.


Edit Your Profile

Want to change your profile photo? We pull from gravatar.com.