Support the ongoing development of Laravel.io →
Configuration Mail Queues
Last updated 2 years ago.
0

I've got the same error, please, somebody?

0

POST requests are required to have a CSRF token in them. So you'll have to disable CSRF token verification for your endpoint. You can do it by either disabling CSRF protection altogether, or add an exception for you endpoint in App\Http\Middleware\VerifyCsrfToken@handle().

0

Well, let's say the POST request is done at domain.com/webhook What should I do to only let POST request on this url get done without CSRF protection?

0

Something like that.

// app/Http/Middleware/VerifyCsrfToken.php
...
	public function handle($request, Closure $next)
	{
		if ($request->url() == '/webhook') 
			return $next($request);

		return parent::handle($request, $next);
	}
0

Thanks a lot!!

0

Hey there,

I have a simple and short solution for this,

By default Laravel 5 has CSRF token enabled, so no any POST Request from outside will be accepted, even not from Iron.io, so here is the trick,

you can always take the help of sessions, just create a temporary session of queue process before pushing queue,

session('processing.queue', true);
Queue:push('Testing', []);

now it will create the session, when you get POST request from iron.io, you will check first, if session('processing.queue') exists or not and then add this logic to CSRF Middleware

public function handle($request, Closure $next)
    {
        if ($this->isReading($request) || $this->tokensMatch($request) || session('processing.queue'))
        {
            session()->forget('processing.queue');

            return $this->addCookieToResponse($request, $next($request));
        }

        throw new TokenMismatchException;
    }

so we are here allowing POST request only if the session exists and also deleting that session for security reason

Last updated 9 years ago.
0

kunaldodiya said:

Hey there,

I have a simple and short solution for this,

By default Laravel 5 has CSRF token enabled, so no any POST Request from outside will be accepted, even not from Iron.io, so here is the trick,

you can always take the help of sessions, just create a temporary session of queue process before pushing queue,

session('processing.queue', true);
Queue:push('Testing', []);

now it will create the session, when you get POST request from iron.io, you will check first, if session('processing.queue') exists or not and then add this logic to CSRF Middleware

public function handle($request, Closure $next)
   {
       if ($this->isReading($request) || $this->tokensMatch($request) || session('processing.queue'))
       {
           session()->forget('processing.queue');

           return $this->addCookieToResponse($request, $next($request));
       }

       throw new TokenMismatchException;
   }

so we are here allowing POST request only if the session exists and also deleting that session for security reason

0

Sign in to participate in this thread!

Eventy

Your banner here too?

thiduzz thiduzz Joined 23 Sep 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.