Protecting LSRAR CSRF with the REST API

Question

Protecting LSRAR CSRF with the REST API

I have this code at the top of the routes file

Route::when('*', 'csrf', array('post', 'put', 'delete'));

When I test my RESTful API level, I get a token mismatch error. How to solve this?

I use CSRF protection for the regular submission of forms that the user can do. But how will this work for the API? I have API calls grouped after my regular routes as below

Route::group(array('prefix' => 'api'), function () {
Route::resource('shows', 'ShowsApiController');
Route::resource('episode', 'EpisodesApiController');
Route::resource('genre', 'GenresApiController');
});

+4

rest api csrf laravel

Vijayanand premnath May 10 '16 at 8:49

source share

2 answers

- api. Laravel , , web middleware.

Route::group(['middleware' => 'web'], function () { routes.php , laravel , . RouteServiceProvider.php : https://github.com/laravel/laravel/blob/master/app/Providers/RouteServiceProvider.php#L56.

, 'middleware' => 'web' routes.php. web , , csrf , api, (api , cookie csrf).

+3

Giedrius Kiršys 10 '16 9:17

Achraf Khouadja · Accepted Answer · 2016-05-10T11:11:06+0000

AT App\Http\Middleware\VerifyCsrfToken

you will have this class, add your routes in $ except

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
  protected $except = [
    'shows/*',
    'episode/*',
    'genre/*',
  ];
}

Protecting LSRAR CSRF with the REST API

More articles: