Laravel Disable CSRF Token Protection on Routes

Laravel Disable CSRF Token Protection on Routes

If for some reason you need to disable the CSRF token protection on your routes, this is very easy to do, for specific routes, just add specific routes in VerifyCsrfToken.php file and for all routes, you need to remove or comment out VerifyCsrfToken::class from the kernel.php file.

Laravel disable CSRF token protection example. In this Laravel tutorial, we will learn how to disable CSRF token protection on all routes (web and api) and specific routes in laravel apps.

How to Disable CSRF Token Protection on Routes in Laravel

Here are some options on how to disable CSRF token protection for all routes (web and API) and specific routes:

Option 1: Laravel Disable CSRF Protection All Routes

To disable CSRF token protection on all (web, api & other) routes in laravel, Simply Navigate to app/HTTP/ directory, Open Kernal.php file, and remove or comment out this line \App\Http\Middleware\VerifyCsrfToken::class from app\Http\Kernel.php file; as follows:

    protected $middlewareGroups = [
        'web' => [
            // \Illuminate\Session\Middleware\AuthenticateSession::class,

Option 2: Laravel Disable CSRF Protection on Specific Routes

Navigate to app\Http\Middleware and open VerifyCsrfToken.php file, and add a specific route url in protected $except = ['route1', 'route2']; array to disable CSRF protection for specific routes in laravel; is as follows:

namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     * @var bool
    protected $addHttpCookie = true;
     * The URIs that should be excluded from CSRF verification.
     * @var array
    protected $except = ['route1', 'route2'];


In this tutorial, we have learned how to disable csrf token protection for all routes or specific routes in laravel apps.

Recommended Laravel Tutorials

Recommended:-Laravel Try Catch


Greetings, I'm Devendra Dode, a full-stack developer, entrepreneur, and the proud owner of My passion lies in crafting informative tutorials and offering valuable tips to assist fellow developers on their coding journey. Within my content, I cover a spectrum of technologies, including PHP, Python, JavaScript, jQuery, Laravel, Livewire, CodeIgniter, Node.js, Express.js, Vue.js, Angular.js, React.js, MySQL, MongoDB, REST APIs, Windows, XAMPP, Linux, Ubuntu, Amazon AWS, Composer, SEO, WordPress, SSL, and Bootstrap. Whether you're starting out or looking for advanced examples, I provide step-by-step guides and practical demonstrations to make your learning experience seamless. Let's explore the diverse realms of coding together.

Leave a Reply

Your email address will not be published. Required fields are marked *