Anadi Misra Anadi Misra - 2 years ago 137
PHP Question

disable CSRF middleware based on environment in Laravel

In my application I want to disable CSRF when running on my laptop

and on development too
. Can't get my head throguh how to do it in either routes.php or the web middleware. here's my routes.php

Route::group(['middleware' => ['web']], function () {

Route::get('/', function () {
return view('welcome');

Route::group(['middleware' => 'auth'], function()
Route::resource('battles', 'BattlesController'); //, ['except' => ['index']]);
Route::resource('disputes', 'DisputesController');
Route::resource('messages', 'MessagesController');


I could use some env file loading magic to ensure the app loads either of
.local.ev, .dev.env, .test.env, .production.env
but I still have to find a way to ensure that the web middleware includes CSRF only when not in local or dev

Answer Source

The easiest way will be to disable the CSRF check directly in the middleware. In order to do that you'll need to modify App\Http\Middleware\VerifyCsrfToken class. Add there the following handle() method:

public function handle($request, \Closure $next)
    if (in_array(env('APP_ENV'), ['local', 'dev'])) {
        return $next($request);

    return parent::handle($request, $next);
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download