Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

laravel 11 app fails on Custom VerifyCsrfToken middleware

byMR
May 14, 2024

I created a new laravel 11 app running on php 8.3.7 and i want to exclude some paths from csrf validation

after carefully reading the documentation https://laravel.com/docs/11.x/middleware#registering-middleware

i edited my app.php inside the bootstrap folder like this

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel 

<?php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__ . '/../routes/web.php',
        commands: __DIR__ . '/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->append([
            App\Http\Middleware\VerifyInstallation::class,
            Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
            App\Http\Middleware\TrimStrings::class,
            Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
            App\Http\Middleware\TrustProxies::class
        ]);

        $middleware->web(append: [
            App\Http\Middleware\SelectLanguage::class,
            App\Http\Middleware\CorsMiddleware::class,
            App\Http\Middleware\GameCdnMiddleware::class
        ]);

        $middleware->web(replace: [
            Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class =>App\Http\Middleware\CustomVerifyCsrfToken::class,
        ]);

        $middleware->api(append: [
            App\Http\Middleware\UseApiGuard::class,
            'throttle:60,1',
            'bindings'
        ]);


    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();

and my custom middleware

<?php
    namespace App\Http\Middleware {
        class CustomVerifyCsrfToken extends \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken
        {
            protected $except = [
                '/profile/contact'
            ];
        }
    
    }

in debugger i noticed that the $except array is empty and my request returns 419,
i tried all the variations according to the documentation but non works, the middleware is invoked even if i dont specify it at all (by the way my route is specified in web.php)

>Solution :

You do not need to create a new middleware. In laravel 11, you can go to bootstrap/app.php and add URIs in except array.

$middleware->validateCsrfTokens(except: [
    'stripe/*',
    'http://example.com/foo/bar',
    'http://example.com/foo/*',
]);

Further detail can be found here.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading