VerifyCsrfToken exclude not working

Posted 7 months ago by eddieace

I'm having an issue with excluding a route from verifying CSRF token.

I'm trying to exclude all requests on an endpoint which I call so I do like this in the VerifyCsrfToken.php file.

class VerifyCsrfToken extends Middleware
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     * @var bool
    protected $addHttpCookie = true;

     * The URIs that should be excluded from CSRF verification.
     * @var array
    protected $except = [

But it does not solve the issue. If I do this in the app/Http/Kernel.php file everything works as it should.

Anyone know why I can't exclude specific routes?

    protected $middlewareGroups = [
        'web' => [
            // \Illuminate\Session\Middleware\AuthenticateSession::class,

        'api' => [

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.