Let’s say you have the following dynamic web route and would like to exclude it from csrf protection in your Laravel application:
Route::post('access-points/{access_point}/airtime-requests', 'AccessPointAirtimeRequestController');
In your app/Http/Middleware/VerifyCsrfToken.php file, add the following to the $except array to exclude the above route:
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'access-points/*/airtime-requests', // <--- ADD THIS
];
This has worked for me, hope it does for you too 🙂.