You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I can't exclude URIs from CSRF verification because of this LoC
Laravel Airlock is using the middleware from the Illuminate package instead of the local one.
This way the $except remains always an empty array, and I can't exclude URIs.
Steps To Reproduce:
Add URIs to the $except array in App\Http\Middleware\VerifyCsrfToken.php file.
Try to access this route without a CSRF token.
Suggestion
Add to the config/airlock.php file a configuration variable:
Hmm that indeed seems problematic but I'm not sure if the current solution is the best one? What you can do instead is perhaps bind your implementation to the foundation one through the container:
@driesvints My solution may not be the best one, but binding to the container it's just a workaround in my opinion.
I'm sure more some people are using the $except property, so a solution must be documented for them.
Description:
I can't exclude URIs from CSRF verification because of this LoC
Laravel Airlock is using the middleware from the Illuminate package instead of the local one.
This way the
$except
remains always an empty array, and I can't exclude URIs.Steps To Reproduce:
$except
array inApp\Http\Middleware\VerifyCsrfToken.php
file.Suggestion
Add to the
config/airlock.php
file a configuration variable:'csrfMiddleware` => App\Http\Middleware\VerifyCsrfToken::class,
And make sure to use it in the
EnsureFrontendRequestAreStateful
:The text was updated successfully, but these errors were encountered: