How to disable CSRF Token in Laravel and why we have to disable it?

Question

I want to see how I can disable CSRF token in Laravel and where I have to disable it. Is this good to disable it or not?

Answer 1

The CSRF token protects your application and it's users against cross-site request forgery. For more information on that, have a read here:

https://en.wikipedia.org/wiki/Cross-site_request_forgery

The token is validated via Middleware in Laravel. If you take a look at the file app/Http/Middleware/VerifyCsrfToken.php, you will see it gives you the option to add URLs that should be exempt from CSRF verification.

If you want to disable it entirely, you can find it in the Middleware group named web in app/Http/Kernel.php. Those are the middlewares that fire by default over HTTP requests.

I wouldn't recommend disabling it where possible though.