Created
July 25, 2019 05:08
-
-
Save shijij/54dd590ba17d525422c3a76d0eca118e to your computer and use it in GitHub Desktop.
Laravel skip/except CSRF verification by domain name (useful for multiple subdomains)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace App\Http\Middleware; | |
| use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware; | |
| class VerifyCsrfToken extends Middleware | |
| { | |
| /** | |
| * Indicates whether the XSRF-TOKEN cookie should be set on the response. | |
| * | |
| * @var bool | |
| */ | |
| protected $addHttpCookie = true; | |
| /** | |
| * The URIs that should be excluded from CSRF verification. | |
| * | |
| * @var array | |
| */ | |
| protected $except = [ | |
| ]; | |
| /** | |
| * The domains that should be excluded from CSRF verification. | |
| * | |
| * @var array | |
| */ | |
| protected $exceptDomains = [ | |
| ]; | |
| /** | |
| * Determine if the request has a URI/Domain that should pass through CSRF verification. | |
| * | |
| * @param \Illuminate\Http\Request $request | |
| * @return bool | |
| */ | |
| protected function inExceptArray($request) | |
| { | |
| if (in_array($request->getHost(), $this->exceptDomains, true)){ | |
| return true; | |
| } | |
| return parent::inExceptArray($request); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment