Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I currently have a Controller method that is making an API call to Braintree (a payment processing package like Stripe). What essentially happens is that when a user enters their bank account information it gets sent off to Braintree to verify. Once Braintree verifies it, they send back a POST request via a webhook to a controller method I've setup.
Problem is, the webhook return is causing a TokenMismatchException which I'm guessing is because the POST request from Braintree naturally doesn't have a token. Does that sound right? If so, how can I essentially turn off the global VerifyCSRFToken Middleware just for one route? Or is that not even the way to go about it?
edit: I did just find this: http://www.camroncade.com/disable-csrf-for-specific-routes-laravel-5/ Anyone have any opinions on it?
I just ran into this issue building an angularjs app. This worked for me. Edit App\Http\middleware\VerifyCsrfToken.php
//add this new condition
private $openRoutes = ['route_to_exclude' ];
//add to the handler function
foreach($this->openRoutes as $route) {
if ($request->is($route)) {
return $next($request);
}
}
Please or to participate in this conversation.