
I need to disable the CSRF token for a certain referer. How can I do it?

I tried:

/**
 * The URIs that should be excluded from CSRF verification.
 *
 * @var array
 */
protected $except = [
    $_SERVER['HTTP_REFERER'] == 'http://example.com' ? '/example' : '',
];

But I get an error: expression is not allowed as field default value

Dronax
  • You cannot use expressions in a class definition. It needs to be a static value. Instead, assign it in the __construct method – aynber Mar 28 '19 at 14:48

1 Answer


The $except field is used to exclude specified URLs from CSRF checks. If you want to skip the check for requests from a specific referer, then you need to extend your VerifyCsrfToken middleware class and provide a new handle method with something like this:

/**
 * Handle an incoming request.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // If request comes from specific referer...
    if ($request->headers->get('referer') == 'http://example.com') {
        // ... then we append $except with URL to ignore.
        $this->except[] = '/example';
    }

    // After that we pass the control to original method's implementation
    // that will perform the check as usual.
    return parent::handle($request, $next);
}
d3jn
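An added example, not part of the answer above and not Laravel's own code: when a CSRF exemption depends on the Referer header, comparing the parsed origin (scheme, host, port) against an allowlist keeps lookalike hosts and URLs that merely contain the trusted string subject to the normal token check, as is a missing Referer. The helper names `refererOrigin` and `refererIsTrusted` and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: reduce a Referer value to "scheme://host[:port]",
// or null when it is missing, unparsable, or carries userinfo.
function refererOrigin(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Userinfo ("user@host") is never expected in a Referer; reject it.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    $origin = $scheme . '://' . strtolower($parts['host']);
    if (isset($parts['port'])) {
        // Drop the port only when it is the scheme's default.
        $default = ['http' => 80, 'https' => 443][$scheme] ?? null;
        if ($parts['port'] !== $default) {
            $origin .= ':' . $parts['port'];
        }
    }
    return $origin;
}

// Hypothetical helper: exact origin match against an allowlist.
function refererIsTrusted(?string $referer, array $allowedOrigins): bool
{
    $origin = refererOrigin($referer);
    return $origin !== null && in_array($origin, $allowedOrigins, true);
}

// Constructed sample Referer values, checked against the page's example origin.
$allowed = ['http://example.com'];
$samples = [
    'http://example.com',                        // exempt
    'http://example.com/form?id=1',              // exempt (same origin, with path)
    'http://example.com.attacker.test/',         // different host
    'http://attacker.test/?http://example.com',  // trusted string only in query
    'http://example.com@attacker.test/',         // userinfo trick
    null,                                        // header absent
];
foreach ($samples as $s) {
    $verdict = refererIsTrusted($s, $allowed) ? 'exempt' : 'verify token';
    printf("%-45s %s\n", var_export($s, true), $verdict);
}
```

Inside a `handle` override like the one in the answer, the condition would call `refererIsTrusted($request->headers->get('referer'), $allowed)` before appending to `$this->except`.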