As per Laravel 5.4 Docs, you can exclude a route from CSRF verification by adding the route to $except property at VerifyCsrfToken middleware. But for some reason, a route with parameters couldn't be excluded with exact route name unless excluded from main route itself.
Expected route to be excluded:
protected $except = [
'main/{id}/sub/*'
];
Only works through:
protected $except = [
'main/*'
];
How do you exclude a route with parameters from CSRF verification?
Since under the hood this feature uses request()->is() method, maybe this will work for you:
protected $except = [
'main/*/sub/*'
];