
Laravel 5.1 CSRF in iframe, how to make it work?


I have a plugin for my app that users can implement in their website that contains a form. The problem is that I get TokenMismatchException when the form is submitted. From the research I've done I can see there is a protection for cross-origin from Laravel.

I know I can disable it, but I don't know how to protect the form after that.

Have any of you come across this issue? What is the best practice?

Thank you

Note: I've noticed that if the user has previously visited the original website and then goes to the website where the iframe is included, the exception is no longer thrown.


Solution

  • Laravel doesn't allow forms to be submitted from other domains, but you can set an exception.

    You can add the exception in App/Http/Middleware/VerifyCsrfToken.php.

    protected $except = [
        'post/something'
    ];
    

    Source: EasyLaravel
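Added example, not part of the original answer or of Laravel itself: the exemption from the answer, kept to the single `post/something` URI, paired with a compensating check for the question's "how to protect the form after that". It assumes the iframe's form is served from the app's own origin and that `app.url` in `config/app.php` is set to that origin; `VerifySameOrigin` is a hypothetical middleware name.

```php
<?php
// Added example; the class marked "hypothetical" is not from the page.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

// app/Http/Middleware/VerifyCsrfToken.php
class VerifyCsrfToken extends BaseVerifier
{
    // Exempt only the one URI the embedded form posts to, never a wildcard.
    protected $except = [
        'post/something',
    ];
}

// Hypothetical: app/Http/Middleware/VerifySameOrigin.php
class VerifySameOrigin
{
    public function handle($request, Closure $next)
    {
        // Prefer Origin; fall back to Referer for browsers that omit
        // Origin on same-origin form posts.
        $source = $request->headers->get('Origin')
            ?: $request->headers->get('Referer');

        $got = $this->originOf($source);

        // A missing header, the literal "null" origin, or any other site
        // fails the comparison and the request is rejected.
        if ($got === null || $got !== $this->originOf(config('app.url'))) {
            abort(403, 'Cross-origin form submission rejected.');
        }

        return $next($request);
    }

    // Reduce a URL to scheme://host:port, or null if it is not absolute.
    private function originOf($url)
    {
        $parts = parse_url((string) $url);
        if (empty($parts['scheme']) || empty($parts['host'])) {
            return null;
        }
        $scheme = strtolower($parts['scheme']);
        $port = isset($parts['port']) ? $parts['port'] : ($scheme === 'https' ? 443 : 80);
        return $scheme . '://' . strtolower($parts['host']) . ':' . $port;
    }
}
```

Register the hypothetical middleware under a key in `$routeMiddleware` in `app/Http/Kernel.php` and attach it only to the exempted route, so every other route keeps the normal token check.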