Laravel disable CSRF token protection example. In this tutorial, you will learn how to disable CSRF token protection on all routes and specific routes in laravel apps.

When you work with laravel apps and you face problems like laravel csrf token mismatch, laravel csrf token expiration time, csrf token mismatch laravel ajax, and romove csrf token in laravel form. So this tutorial will guide to step by step to remove csrf protection on all routes or specific routes in laravel apps.

Laravel Disable CSRF Token Protection

Now you will learn how to disable CSRF token protection on all routes and specific routes as follow:

Laravel Disable CSRF Protection All Routes

To disable CSRF protection on all routes. So navigate to app\Http\Middleware and open VerifyCsrfToken.php file. Then update the routes, which you want to disable CSRF protection.

Suppose you have following routes into your laravel apps and want to disable CSRF protection all routes:

Route::post('route1', 'ExampleController@index1');
Route::post('route2', 'ExampleController@index2');
Route::post('route3', 'ExampleController@index3');

Next, Navigate to app/HTTP/and Open Kernal.php file. And remove or comment out this \App\Http\Middleware\VerifyCsrfToken::class line in app\Http\Kernel.php as follow:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        //\App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];

Laravel Disable CSRF Protection on Specific Routes

To disable CSRF protection on specific routes. So navigate to app\Http\Middleware and open VerifyCsrfToken.php file. Then update the routes, which you want to disable CSRF protection.

Suppose you have following routes into your laravel apps and want to disable CSRF protection all routes:

Route::post('route1', 'ExampleController@index1');
Route::post('route2', 'ExampleController@index2');
Route::post('route3', 'ExampleController@index3');

Next, Navigate to app/HTTP/Middleware and Open VerifyCsrfToken.php file. Then update the following routes into VerifyCsrfToken.php file in your laravel apps as follow:

<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = ['route1', 'route2'];
}

Conclusion

In this tutorial, you have learned how to disable csrf token protection for all routes or specific routes in laravel apps.