VerifyCsrfToken except subdomain

Published 1 year ago by 1978

Is there a way to exclude some subdomains from CSRF validation?

    protected $except = [
        'http://api.v1.todomon.dev/*',
        'http://api.todomon.dev/v1/*',
    ];

Best Answer (As Selected By 1978)
Ozan

You can override the shouldPassThrough method in the BaseVerifier class.

    /**
     * Determine if the request has a URI that should pass through CSRF verification.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
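    protected function shouldPassThrough($request)
    {
        // Needs "use Illuminate\Support\Str;" at the top of the middleware class.
        foreach ($this->except as $except) {
            // Compare each pattern against the full URL (scheme, host and path).
            if (Str::is($except, $request->url())) {
                return true;
            }
        }

        // No pattern matched: the request goes through CSRF verification.
        return false;
    }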
1978
1 year ago (39,760 XP)

So now I cannot use 'tasks/*' any more? Only the full URL?

d3xt3r
1 year ago (145,870 XP)

Modify the above as follows:

    /**
     * Determine if the request has a URI that should pass through CSRF verification.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function shouldPassThrough($request)
    {
        foreach ($this->except as $except) {
            
            if (Str::is($except, $request->url())) {
                return true;
            }
        }
        return parent::shouldPassThrough($request);
    }
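
Added example (not part of the thread and not Laravel's own code): a stand-alone PHP sketch of the combined check the last reply arrives at, where each exemption pattern is tried against the full URL and then against the request path. `wildcardMatch()` and `isCsrfExempt()` are hypothetical names, `wildcardMatch()` is a simplified stand-in for `Str::is`, path matching is assumed to be what the parent check does, and the sample URLs are constructed from the hostnames in the question.

```php
<?php
// Simplified stand-in for Str::is(): "*" matches any run of characters,
// everything else in the pattern is matched literally.
function wildcardMatch(string $pattern, string $value): bool
{
    if ($pattern === $value) {
        return true;
    }
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $value) === 1;
}

// Hypothetical helper: a request is exempt when a pattern matches either the
// full URL (the override in the thread) or the path (assumed parent behaviour).
function isCsrfExempt(array $except, string $url): bool
{
    $path = trim((string) parse_url($url, PHP_URL_PATH), '/');
    $path = $path === '' ? '/' : $path;

    foreach ($except as $pattern) {
        if (wildcardMatch($pattern, $url) || wildcardMatch($pattern, $path)) {
            return true;
        }
    }
    return false;
}

// One full-URL pattern from the question and one path pattern from the follow-up.
$except = ['http://api.todomon.dev/v1/*', 'tasks/*'];

// Constructed sample request URLs.
$samples = [
    'http://api.todomon.dev/v1/tasks',   // API subdomain over http
    'https://api.todomon.dev/v1/tasks',  // same host and path over https
    'http://todomon.dev/tasks/5',        // main site, path under tasks/
    'http://todomon.dev/profile',        // main site, unrelated path
];

foreach ($samples as $url) {
    printf("%-36s %s\n", $url, isCsrfExempt($except, $url) ? 'exempt' : 'CSRF checked');
}
```

Because a full-URL pattern is compared against the whole URL string, an exemption written with `http://` does not cover the same route requested over `https://`, so the list has to name every scheme that is meant to be exempt.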
