Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hi there.
I am using a service called CameraTag (https://cameratag.com/) to allow the user to record video through their webcam. This service has a feature that will send a callback to your server when a video is uploaded and ready to be viewed (details here: http://www.cameratag.com/v6/docs/app_advanced#callback). According to the docs, this feature will POST JSON to a URL you can specify.
I have specified a URL in the settings of the service. I have added a route to my Laravel site for that URL. Lastly, I added the route to the exception list in the VerifyCsrfToken middleware.
I have done several tests of this callback feature and it doesn't seem to be working. Looking at laravel.log, I can see the POST attempts being refused and Laravel is throwing a TokenMismatchException, so it seems like it isn't respecting the exception list in VerifyCsrfToken.php.
This is my first experiencing trying to accept a callback to my server like this. Can anyone give any recommendations on a way I can troubleshoot this issue?
Thanks for your help.
You are on Laravel 5.1 ?
have you included the wildcard?
Case sensitivity should not be an issue but I would consider it
Any ideas by looking at Laravel news tutorial https://laravel-news.com/2015/06/excluding-routes-from-the-csrf-middleware
Hello and thanks for you response.
Yes, I am on 5.1. I took exactly (case included) what I have defined in routes.php for that route and pasted it into the $except variable in VerifyCsrfToken.php. I also tried various other combinations, such as with and without wildcard, with and without leading '/', etc... Can't get it to do anything else.
When you tested it did you simulate a POST ?
Yes, I am using hurl.it (https://www.hurl.it/) to test the route. The server is returning a TokenMismatchException.
I figured it out. I had copied the route URI directly as it was into the $except field of VerifyCsrfToken. Unfortunately, all my routes have a preceding '/'. I was sure I had already tested this without the preceding '/' but apparently not. I copied the route and removed the preceding slash and it works perfectly now.
Thanks for your help.
Please or to participate in this conversation.