Anadi Misra Anadi Misra - 5 months ago 22
PHP Question

disable CSRF middleware based on environment in Laravel

In my application I want to disable CSRF when running on my laptop

and on development too
. Can't get my head throguh how to do it in either routes.php or the web middleware. here's my routes.php

Route::group(['middleware' => ['web']], function () {

Route::get('/', function () {
return view('welcome');

Route::group(['middleware' => 'auth'], function()
Route::resource('battles', 'BattlesController'); //, ['except' => ['index']]);
Route::resource('disputes', 'DisputesController');
Route::resource('messages', 'MessagesController');


I could use some env file loading magic to ensure the app loads either of
.local.ev, .dev.env, .test.env, .production.env
but I still have to find a way to ensure that the web middleware includes CSRF only when not in local or dev


The easiest way will be to disable the CSRF check directly in the middleware. In order to do that you'll need to modify App\Http\Middleware\VerifyCsrfToken class. Add there the following handle() method:

public function handle($request, \Closure $next)
    if (in_array(env('APP_ENV'), ['local', 'dev'])) {
        return $next($request);

    return parent::handle($request, $next);