Support the ongoing development of Laravel.io →
thiduzz
posted 9 years ago
Configuration Mail Queues
Last updated 2 years ago.
0
blyleven
replied 9 years ago

I've got the same error, please, somebody?

0
xum
replied 9 years ago

POST requests are required to have a CSRF token in them. So you'll have to disable CSRF token verification for your endpoint. You can do it by either disabling CSRF protection altogether, or add an exception for you endpoint in App\Http\Middleware\VerifyCsrfToken@handle().

0
blyleven
replied 9 years ago

Well, let's say the POST request is done at domain.com/webhook What should I do to only let POST request on this url get done without CSRF protection?

0
xum
replied 9 years ago

Something like that.

// app/Http/Middleware/VerifyCsrfToken.php
...
	public function handle($request, Closure $next)
	{
		if ($request->url() == '/webhook') 
			return $next($request);

		return parent::handle($request, $next);
	}
0
blyleven
replied 9 years ago

Thanks a lot!!

0
kunaldodiya
replied 9 years ago

Hey there,

I have a simple and short solution for this,

By default Laravel 5 has CSRF token enabled, so no any POST Request from outside will be accepted, even not from Iron.io, so here is the trick,

you can always take the help of sessions, just create a temporary session of queue process before pushing queue,

session('processing.queue', true);
Queue:push('Testing', []);

now it will create the session, when you get POST request from iron.io, you will check first, if session('processing.queue') exists or not and then add this logic to CSRF Middleware

public function handle($request, Closure $next)
    {
        if ($this->isReading($request) || $this->tokensMatch($request) || session('processing.queue'))
        {
            session()->forget('processing.queue');

            return $this->addCookieToResponse($request, $next($request));
        }

        throw new TokenMismatchException;
    }

so we are here allowing POST request only if the session exists and also deleting that session for security reason

Last updated 9 years ago.
0
kunaldodiya
replied 9 years ago

kunaldodiya said:

Hey there,

I have a simple and short solution for this,

By default Laravel 5 has CSRF token enabled, so no any POST Request from outside will be accepted, even not from Iron.io, so here is the trick,

you can always take the help of sessions, just create a temporary session of queue process before pushing queue,

session('processing.queue', true);
Queue:push('Testing', []);

now it will create the session, when you get POST request from iron.io, you will check first, if session('processing.queue') exists or not and then add this logic to CSRF Middleware

public function handle($request, Closure $next)
   {
       if ($this->isReading($request) || $this->tokensMatch($request) || session('processing.queue'))
       {
           session()->forget('processing.queue');

           return $this->addCookieToResponse($request, $next($request));
       }

       throw new TokenMismatchException;
   }

so we are here allowing POST request only if the session exists and also deleting that session for security reason

0

Sign in to participate in this thread!

Eventy

Your banner here too?

thiduzz thiduzz Joined 23 Sep 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
BairesDev
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise