php – 在Laravel 5中,如何针对特定路由禁用VerifycsrfToken中间件？

我正在使用Laravel 5开发应用程序.我的应用程序与VendHQ API相关联,我打算通过他们的webhook从VendHQ获取一些数据.按他们的Documentation

When an event happens and triggers a webhook, we’ll send a POST
request to a URL of your choosing. The POST request will be in the
UTF-8 charset, and application/x-www-form-urlencoded encoding.

问题是,当他们尝试向我的Laravel应用程序发送POST请求时,他们的帖子请求中没有添加CSRF令牌,并且VerifyCsrfToken中间件正在寻找令牌,最后它会抛出TokenMismatchException.

我的问题是,如何在保持其他帖子请求有效的同时避免某些特定路由的默认VerifyCsrfToken中间件？

解决方法:

默认情况下,在Laravel 5中的所有路由上启用CSRF,您可以通过修改app / Http / Middleware / VerifyCsrfToken.php来禁用特定路由

//app/Http/Middleware/VerifyCsrfToken.php

//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];

//modify this function
public function handle($request, Closure $next)
    {
        //add this condition 
    foreach($this->openRoutes as $route) {

      if ($request->is($route)) {
        return $next($request);
      }
    }

    return parent::handle($request, $next);
  }

source

标签：csrf-protection,php,laravel,laravel-5
来源： https://codeday.me/bug/20190927/1823728.html