I have a route that serves as a webhook endpoint that gets called by a remote service, but the calls that the service makes to the webhook always fail.
After some inspection of the service logs, I learned that the service is getting an HTTP error code 419.
I used to add exceptions inside the $except
property of the AppHttpMiddlewareVerifyCsrfToken
middleware, However, I’m on Laravel 11 and I can’t find this middleware anymore. What is the solution to this problem?
2
Answers
Starting from Laravel 11, the
VerifyCsrfToken
middleware no longer exists within the application's skeleton.Instead, you can specify which routes should bypass the CSRF verification process using the
validateCsrfTokens()
method. You can call this method inside thewithMiddleware()
method callback within yourbootstrap/app.php
file. For example:More information available at the documentation at: https://laravel.com/docs/11.x/csrf#csrf-excluding-uris
Even if the VerifyCsrfToken is not in the default app anymore, you can still use it in L11 as it is still in the framework :
https://github.com/laravel/framework/blob/11.x/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
So you can use it as in previous version of Laravel :
create a VerifyCsrfToken custom Middleware :
and just add it inside your
middlewareGroups
insideKernel.php
: