Laravel - CSRF Protection - Csrf Excluding Uris
Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.
Typically, you should place these kinds of routes outside of the
web middleware group that the
App\Providers\RouteServiceProvider applies to all routes in the
routes/web.php file. However, you may also exclude the routes by adding their URIs to the
$except property of the
For convenience, the CSRF middleware is automatically disabled for all routes when running tests.