POST requests are required to have a CSRF token in them. So you'll have to disable CSRF token verification for your endpoint. You can do it by either disabling CSRF protection altogether, or adding an exception for your endpoint in App\Http\Middleware\VerifyCsrfToken@handle().
Well, let's say the POST request is done at domain.com/webhook. What should I do to only let POST requests on this URL get done without CSRF protection?
Something like that.
// app/Http/Middleware/VerifyCsrfToken.php
...
public function handle($request, Closure $next)
{
    // url() returns the full URL (scheme and host included), so match on the path with is()
    if ($request->is('webhook'))
        return $next($request);

    return parent::handle($request, $next);
}
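The exemption the question asks for (only POST, only this one URL), written as framework-free PHP; this is an added example, not code from anyone in the thread. The `/webhook` path comes from the question, while `CSRF_EXEMPT`, `isCsrfExempt()` and the sample requests are hypothetical.

```php
<?php
// Added example (not from the thread). Only an exact method + path pair
// may skip CSRF verification; every other request keeps the token check.

const CSRF_EXEMPT = ['POST' => ['/webhook']]; // path taken from the question

function isCsrfExempt(string $method, string $url): bool
{
    // Accept a bare path or a full URL, but compare the path component only.
    $path = parse_url($url, PHP_URL_PATH);
    if (!is_string($path)) {
        return false; // unparsable or path-less input is never exempt
    }
    // Refuse encoded or dot segments instead of trying to normalise them.
    if (strpos($path, '%') !== false || preg_match('#(^|/)\.\.?(/|$)#', $path)) {
        return false;
    }
    $path = '/' . trim($path, '/');
    return in_array($path, CSRF_EXEMPT[strtoupper($method)] ?? [], true);
}

// Constructed sample requests.
$samples = [
    ['POST', 'http://domain.com/webhook'],     // full URL, path matches
    ['POST', '/webhook/'],                     // trailing slash still matches
    ['PUT',  '/webhook'],                      // other method keeps the check
    ['POST', '/webhook/../account/delete'],    // dot segment is refused
    ['POST', '/webhooks'],                     // look-alike prefix is not exempt
    ['POST', '/account/delete?next=/webhook'], // query string is ignored
];

foreach ($samples as [$method, $url]) {
    printf("%-5s %-32s %s\n", $method, $url,
        isCsrfExempt($method, $url) ? 'skip CSRF check' : 'verify token');
}
```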
Hey there,
I have a simple and short solution for this.
By default Laravel 5 has the CSRF token enabled, so no POST request from outside will be accepted, not even from Iron.io. So here is the trick:
you can always take the help of sessions. Just create a temporary session for the queue process before pushing to the queue,
// The array form stores the value; session('key', $default) only reads it
session(['processing.queue' => true]);
Queue::push('Testing', []);
Now it will create the session. When you get the POST request from iron.io, you first check whether session('processing.queue') exists or not, and then add this logic to the CSRF middleware:
public function handle($request, Closure $next)
{
    if ($this->isReading($request) || $this->tokensMatch($request) || session('processing.queue'))
    {
        session()->forget('processing.queue');
        return $this->addCookieToResponse($request, $next($request));
    }

    throw new TokenMismatchException;
}
So here we are allowing the POST request only if the session exists, and also deleting that session for security reasons.