
In Laravel 5, how to disable VerifyCsrfToken middleware for specific route?


I am using Laravel 5 to develop an app. My app is connected with the VendHQ API and I intend to get some data from VendHQ through their webhook. As per their documentation:

When an event happens and triggers a webhook, we’ll send a POST request to a URL of your choosing. The POST request will be in the UTF-8 charset, and application/x-www-form-urlencoded encoding.

The problem is, when they try to send a POST request to my Laravel app, no CSRF Token is added in their post request, and VerifyCsrfToken middleware is looking for a token and finally it throws a TokenMismatchException.

How can I avoid this default VerifyCsrfToken Middleware for some specific routes while keeping other post requests active?


Solution

  • CSRF is enabled by default on all routes in Laravel 5; you can disable it for specific routes by modifying app/Http/Middleware/VerifyCsrfToken.php

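    <?php
    // app/Http/Middleware/VerifyCsrfToken.php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

    class VerifyCsrfToken extends BaseVerifier
    {
        // Routes that skip the CSRF check (paths without a leading slash)
        private $openRoutes = ['free/route', 'free/too'];

        // Override handle() so the listed routes bypass token verification
        public function handle($request, Closure $next)
        {
            foreach ($this->openRoutes as $route) {
                if ($request->is($route)) {
                    return $next($request);
                }
            }

            // Every other request still goes through the normal CSRF check
            return parent::handle($request, $next);
        }
    }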
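
Added example, not part of the original answer: a stand-alone PHP script that lists which state-changing routes an exemption list like `$openRoutes` switches CSRF verification off for. `pathMatches()` is an approximation of the wildcard matching behind `$request->is()`; the function names, the route table and the `webhooks/vend` path are assumptions made for illustration.

```php
<?php
// Approximation of the matching behind $request->is(): '*' matches any run of
// characters (including '/'), everything else in the pattern is literal.
function pathMatches(string $pattern, string $path): bool
{
    $path = trim($path, '/');
    if ($path === '') {
        $path = '/';
    }
    if ($pattern === $path) {
        return true;
    }
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

// Returns the state-changing routes that would skip CSRF verification.
function csrfExemptRoutes(array $openRoutes, array $appRoutes): array
{
    $exempt = [];
    foreach ($appRoutes as [$method, $path]) {
        if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
            continue; // read-only methods are not token-checked in the first place
        }
        foreach ($openRoutes as $pattern) {
            if (pathMatches($pattern, $path)) {
                $exempt[] = "$method $path (matched '$pattern')";
                break;
            }
        }
    }
    return $exempt;
}

// Constructed route table; 'webhooks/vend' is a hypothetical webhook path.
$appRoutes = [
    ['POST',   'webhooks/vend'],
    ['POST',   'webhooks/vend/replay'],
    ['POST',   'account/password'],
    ['DELETE', 'webhooks'],
    ['GET',    'webhooks/vend'],
];

// Compare an exact path with two progressively broader wildcard patterns.
foreach ([['webhooks/vend'], ['webhooks/*'], ['webhooks*']] as $openRoutes) {
    echo 'openRoutes = ' . json_encode($openRoutes, JSON_UNESCAPED_SLASHES) . "\n";
    foreach (csrfExemptRoutes($openRoutes, $appRoutes) as $line) {
        echo "  exempt: $line\n";
    }
}
```

The exact path exempts only the webhook endpoint, while each broader wildcard also removes CSRF protection from neighbouring state-changing routes, so list the narrowest path that the webhook sender actually calls.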
    