
thesimons

Excluding routes from CSRF verification

Hello,

In Laravel 12, where do I place the route/path of the page to exclude from CSRF verification?

I know CSRF is a best practice, but I'm working on an AJAX toggle in the user panel, so the user is already authenticated.

Thanks, Simon

0 likes
3 replies
Tray2

CSRF has nothing to do with the authentication of the user; it has to do with protecting your application from malicious requests from other sites that try to fool your application into thinking that it is a legit request.

Don't disable it, it's there for your safety.

https://laravel.com/docs/12.x/csrf#csrf-tokens-and-spas

1 like
OsmanMoharram

Add the CSRF token to your AJAX request. Use '{{ csrf_token() }}'. Make sure you wrap {{ csrf_token() }} between single or double quotes so it returns a string.
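
Added example, not part of any post in this thread: one way to send the token with the AJAX toggle instead of excluding the route. It assumes the layout renders the token into a csrf-token meta tag and that the server reads the X-CSRF-TOKEN header, as described in the Laravel docs linked above; the function names and the /user/settings/toggle route are hypothetical.

```javascript
// Assumes the Blade layout contains:
//   <meta name="csrf-token" content="{{ csrf_token() }}">

const UNSAFE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Read the token that Blade rendered into the page's <meta> tag.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute('content') : null;
  if (!token) throw new Error('csrf-token meta tag missing or empty');
  return token;
}

// Build fetch() arguments for the toggle request. The token is attached only
// to state-changing, same-origin requests, so it is never sent to another site.
function buildRequest(doc, pageOrigin, url, method, payload) {
  const target = new URL(url, pageOrigin);
  const verb = method.toUpperCase();
  const headers = { Accept: 'application/json' };
  if (payload !== undefined) headers['Content-Type'] = 'application/json';
  if (UNSAFE_METHODS.has(verb) && target.origin === new URL(pageOrigin).origin) {
    headers['X-CSRF-TOKEN'] = readCsrfToken(doc);
  }
  return {
    url: target.href,
    options: {
      method: verb,
      headers,
      credentials: 'same-origin', // send the session cookie to our own origin only
      body: payload === undefined ? undefined : JSON.stringify(payload),
    },
  };
}

// Browser usage (hypothetical route):
//   const { url, options } = buildRequest(document, location.origin,
//       '/user/settings/toggle', 'PATCH', { enabled: true });
//   const res = await fetch(url, options);
//   if (res.status === 419) { /* token or session expired: reload the page */ }
```

A 419 response from Laravel means the token did not match or the session expired, so the client should reload the page to obtain a fresh token rather than retry blindly.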
