3

I have a Controller with the following code

class FormController extends Controller
{
    public function submit(Request $request)
    {
        dd($request);

    }
}

I remember about csrf protection and I've found my csrf token on my frontend. So, I've added it on the fields in http client insomnia. But as the result I've the following

enter image description here

Content-Type is multipart/form-data. What is wrong?

Aleksej_Shherbak
  • 2,757
  • 5
  • 34
  • 71

1 Answers1

3

Laravel has middleware group called web that protects your routes. it's inside the web.php file. you can see routes middleware in the app/Providers/RouteServiceProvider.php

protected function mapWebRoutes()
{
    Route::middleware('web')
         ->namespace($this->namespace)
         ->group(base_path('routes/web.php'));
}

web middleware group add lots of middleware to your project such as VerifyCsrfToken

you could see list of them in `app/Http/Kernel.php'

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
         \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

as you may know, Laravel has another middleware and route folder called api, that doesn't have any CSRF protection. you can declare your route that doesn't need CSRF protection (I mean API of your application) to route/api.php

By declaring that kind of routes in route/api.php file you can easily make the request with Postman/Insomnia like app.

hoseinz3
  • 618
  • 4
  • 13