Anadi Misra Anadi Misra - 6 months ago 28
PHP Question

disable CSRF middleware based on environment in Laravel

In my application I want to disable CSRF when running on my laptop

APP_ENV=local
and on development too
APP_ENV=dev
. Can't get my head throguh how to do it in either routes.php or the web middleware. here's my routes.php

Route::group(['middleware' => ['web']], function () {

Route::get('/', function () {
return view('welcome');
})->middleware('guest');

Route::group(['middleware' => 'auth'], function()
{
Route::resource('battles', 'BattlesController'); //, ['except' => ['index']]);
Route::resource('disputes', 'DisputesController');
Route::resource('messages', 'MessagesController');
});

});


I could use some env file loading magic to ensure the app loads either of
.local.ev, .dev.env, .test.env, .production.env
but I still have to find a way to ensure that the web middleware includes CSRF only when not in local or dev

Answer

The easiest way will be to disable the CSRF check directly in the middleware. In order to do that you'll need to modify App\Http\Middleware\VerifyCsrfToken class. Add there the following handle() method:

public function handle($request, \Closure $next)
{
    if (in_array(env('APP_ENV'), ['local', 'dev'])) {
        return $next($request);
    }

    return parent::handle($request, $next);
}
Comments