Support the ongoing development of Laravel.io →
Requests Input Forms
Last updated 2 years ago.
0

As far as I know routes don't apply csrf filter by default. Give some more information.

0

I have this small test form to simulate the posting of data from my legacy app: http://laravel.io/bin/1yWKv

This is what my route looks like: http://laravel.io/bin/wJbNb

If I load /legacyPostTest manually, I get a nice empty var_dump (since no post data): http://puu.sh/dxtdc/ddf38f1ee8.png

But if I click the submit button in my test form, I get CSRF token error: http://puu.sh/dxskw/7a1b707e79.png

Once again, I'm not against CSRF protection in the long run. For now though, I want to bypass CSRF protection on a route by route basis, while I slowly work on rewriting old legacy code.

Last updated 9 years ago.
0

Can you use get for test, switch to post in production. I ran into this csrf seems to be required in L5 when using post.

0

I would prefer not to due to the length and nature of these forms. The less I touch the legacy code the better. I know CSRF protection can be disabled project-wide by editing Http\Kernel, but I don't want to hamper new app code that intends to use CSRF.

0

I figured out a solution, thanks to this article: http://mattstauffer.co/blog/laravel-5.0-middleware-replacing-filters

Here's my edited Http\Kernel file: http://laravel.io/bin/Oexy4#14,26 ...You can see I commented out the CSRF middleware in the global $middleware stack, and instead added it as part of the $routeMiddleware stack. This makes CSRF protection optional.

Then, I need to re-apply CSRF protection using route grouping: http://laravel.io/bin/xKJ3k#8-14 ...The 'legacyPostTest' route now accepts post data without CSRF token, which is great while I work on updating all my ugly legacy code :)

I wonder if there's a cleaner way to do this though. Though the method above works, I wish I could do the opposite: Leave CSRF protection set as globally enforced middleware, and just bypass it on specific routes that pertain to ugly legacy form code. Does anyone have any advice here?

Last updated 9 years ago.
0

Does it really look like a plate of spaghetti?

0

Yes it does, but it doesn't look appetizing at all :(

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.