That actually doesn't work. If you use the "except" variable and insert a member into the array, all Laravel will do is attempt to insert the token it finds in the session into the current request, then pass that request on. If there never was a token in the session, the request still fails.

I learned this when I installed Sleeping-Owl admin. I'm running a site where there is a user's area and an admin area. All of the user's area is secured by csrf. The admin is secured by sleeping-owl. If I try to upload a file while logged in as an admin (having never logged in as a user) the route fails no matter what. If I log into both the admin, and the front side the upload works fine. It had me confused until I spent an hour walking through every single step of the attempt.


Return to Thread...