CSRF verification issue when receiving data from an outside server

I have two servers: shop (non-Laravel) and returns (Laravel). I want the two servers to be able to communicate with each other.

I have tried sending a JSON object from the shop server to my returns server using cURL via the command line, which only works when I comment out \App\Http\Middleware\VerifyCsrfToken::class within Kernel.php. This was okay to test, but I need it to work with the csrf token.

My cURL command was as follows:

curl -i -H "Accept: application/json" --data '{"orderId":"1245", "customerNr":"98765"}' -H "Content-Type: application/json" -X POST https://returns.jdoe.blah.test/createReturn

How can I give a token in the cURL so that csrf verification works?

I'm quite new to Laravel, so if you need any more information, please feel free to ask :).

siangboon

6 years ago

Level 54

https://laravel.com/docs/5.8/csrf#csrf-excluding-uris

GregKos

6 years ago

Level 9

CSRF verification is only meant for requests on the same site. For external incoming requests you should exclude the relative routes from verification, as the documentation says.

However, the correct way is not to comment out the middleware, as this disables the verification for all routes. Instead, go to app/Http/Middleware/VerifyCsrfToken.php and enter the necessary routes in the except array.

Please or to participate in this conversation.