This article was originally published on bmf-tech.com.
When implementing AJAX with Laravel, React, and Superagent, I encountered a 500 error. Initially, I thought, "No way it's the Token, I know better than that," but it turned out the CsrfToken was indeed the cause.
Solution
While you can include the Token in the header, which feels a bit hard-coded, I believe a smarter approach is to exclude the relevant URL in VerifyCsrfToken.php. Here's how you can do it:
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'api/*'
];
}
You can even use wildcards.
Thoughts
There are many articles like this, and I feel like kicking myself for falling into the same trap...
Top comments (0)