Laravel 5 TokenMismatchException only in iFrame

Question

I have a working form:

    {!! Form::open() !!}
            

                Name
            


        
      

Answer 1

Laravel 5 has a global middleware enabled called VeryifyCsrfToken that checks all POST requests for a token to apply Cross-site request forgery protection.

Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of the authenticated user.

Allowing users to submit your form from an iframe on a different domain is exactly the kind of thing Laravels CSRF protection is trying to prevent.

There is a way to disable CSRF verification for certain URL's. You can add a new item to the $except array to exclude that url from CSRF verification.

Http/Middleware/VerifyCsrfToken.php