4

I am using paytabs payment gateway api. In that api, a redirect url have to given, so that once the transaction is completed, the page will redirect automatically to your given redirect url. The url was a GET url but since the response of the api comes as a POST type, I was unable to use get url. To resolve that issue, I made that route a POST url but by making it post method, I am not getting any CSRF token. In the end, I get this issue.

TokenMismatchException in VerifyCsrfToken.php line 68:

Is there any way by which I could disbale CSRF token functionality for only single POST url?

--SUGGESTION TRIED-- I did this as per your suggestion 

class VerifyCsrfToken extends Middleware
{
    protected $except = [
        'signup/complete',
    ];
}

and now getting 

Class 'Middleware' not found
nerdyDev
  • 376
  • 3
  • 15

3 Answers3

6

From the docs:

Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

class VerifyCsrfToken extends Middleware
{
    protected $except = [
        'stripe/*',
        'http://example.com/foo/bar',
        'http://example.com/foo/*',
    ];
}
Alexey Mezenin
  • 158,981
  • 26
  • 290
  • 279
  • Thanx for your help @alexey but it gives another error and stopped my every routes. – nerdyDev Jan 19 '18 at 11:15
  • @nerdyDev edit existing middleware and not create a new one. – Alexey Mezenin Jan 19 '18 at 11:15
  • i have updated the question, under the question i have done the changes in web.php as your said and the response in question as well. thanks – nerdyDev Jan 19 '18 at 11:16
  • This url is not under middleware, its just seperate. I provided //////// in forms to handle this token, not by routes. – nerdyDev Jan 19 '18 at 11:19
  • @nerdyDev I'm talking about the `app/Http/Middleware/VerifyCsrfToken.php` middleware. – Alexey Mezenin Jan 19 '18 at 11:25
  • Declaration of App\Http\Middleware\VerifyCsrfToken::handle($request, App\Http\Middleware\Closure $next) should be compatible with Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::handle($request, Closure $next) -------------------------------------This error comes by that changes in verifycsrftoken.php – nerdyDev Jan 19 '18 at 11:27
  • @nerdyDev you're getting both errors because you're changing the middleware. Don't change anything, just add your route to the `$except` array. – Alexey Mezenin Jan 19 '18 at 11:29
  • @nerdyDev no. Look at the original `VerifyCsrfToken` middleware. There is the `$except` property with an empty array. Copy the path you want to exclude in this array and save. – Alexey Mezenin Jan 19 '18 at 11:32
  • 2
    That worked @alexey thanks alot. U deserve a up vote. Thanks once again. – nerdyDev Jan 19 '18 at 11:33
0

You can exception in csrf middleware. go to app/http/Middleware/VirefyCsrfToken.php

class VerifyCsrfToken extends BaseVerifier{
    protected $except = [
     'route url1',
     'route url2',

    ]
}
Salar Bahador
  • 1,433
  • 1
  • 14
  • 26
0

for how use localhost in your project folder /app/http/middleware/VerifyCsrfToken.php edit 

protected $except = [
    //
    'http://localhost/blog/return_url',  // your url
];
mohamed elshazly
  • 508
  • 3
  • 8