
Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use or share it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/37806762/

Date: 2020-09-08 17:25:15  Source: igfitidea

How to disable CSRF Token in Laravel and why we have to disable it?

laravel

Asked by Bhupinder Singh

I want to see how I can disable CSRF token in Laravel and where I have to disable it. Is this good to disable it or not?


Answered by Gaurav

You can disable CSRF on a few routes by editing

App\Http\Middleware\VerifyCsrfToken

and adding your own route names to the protected

$except = [] array.

It does not seem to be good practice, as by doing this we are removing a security feature of Laravel.

Answered by Goddard

Many people explain how to do it, but they do not explain what the url should look like.


edit app/Http/Middleware/VerifyCsrfToken.php


<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     * Entries are matched against the request path; '*' is a wildcard.
     *
     * @var array
     */
    protected $except = [
        '/user/my_function'
    ];
}

In the $except array we add a URL as just a simple string. This points to a controller, usually, depending on how your route is set up.

For example, I have a UserController.php file in my Controller folder, and I have a route like the following in the web.php routes file.

Route::post('/user', 'UserController@my_function')->name('my_function');

Alternatively, if you came to this question simply because you don't know how to use the CSRF token and you don't actually need to disable it or exempt the URL, you can use this method.

Add these lines to your app.blade.php if it is used for AJAX-related calls.

<script>
// Requires <meta name="csrf-token" content="{{ csrf_token() }}"> in the page <head>.
// jQuery then sends the token with every AJAX request as the X-CSRF-TOKEN header,
// which Laravel's VerifyCsrfToken middleware accepts in place of the _token field.
$(function() {
    $.ajaxSetup({
        headers: {
            'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
        }
    });
});
</script>

Answered by tkausl

You can disable it in app/Http/Kernel.php in the web middleware group.



Is this good to disable it or not?


No, it's not. Read the Wikipedia page about CSRF to understand what CSRF is; the CSRF token prevents CSRF.

Answered by Jonathon

The CSRF token protects your application and its users against cross-site request forgery. For more information on that, have a read here:

https://en.wikipedia.org/wiki/Cross-site_request_forgery


The token is validated via Middleware in Laravel. If you take a look at the file app/Http/Middleware/VerifyCsrfToken.php, you will see it gives you the option to add URLs that should be exempt from CSRF verification.


<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     * Empty by default: every POST/PUT/PATCH/DELETE request is verified.
     *
     * @var array
     */
    protected $except = [
        //
    ];
}

If you want to disable it entirely, you can find it in the middleware group named web in app/Http/Kernel.php. Those are the middlewares that fire by default over HTTP requests.

I wouldn't recommend disabling it where possible though.

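The following is an added example, not code from any of the answers above and not Laravel's own code. It is plain PHP that runs without a Laravel install. csrfExempt() re-implements the matching that the $except array from Gaurav's, Goddard's and Jonathon's answers goes through (slashes trimmed, '*' as an anchored wildcard, as in Illuminate's inExceptArray() and Str::is()), so you can see exactly which paths a given entry exempts; webhookSignatureValid() shows the kind of check that has to stand in for the CSRF token on a route you do exempt. The route '/webhooks/payments', the pattern 'api/*', the header format 'sha256=<hex>', the secret and all sample data are assumptions constructed for this example.

```php
<?php
// Added example (not from the original answers or from Laravel): a stand-alone
// model of how VerifyCsrfToken decides a request is exempt, plus the check that
// should guard any route you put into $except. Plain PHP, no framework needed.
declare(strict_types=1);

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

/**
 * Mirrors Illuminate's inExceptArray(): every $except entry except '/' has its
 * slashes trimmed and is compared with the (already URL-decoded) request path,
 * first literally, then with '*' as a wildcard anchored at both ends.
 */
function csrfExempt(string $path, array $except): bool
{
    $path = trim($path, '/');
    $path = $path === '' ? '/' : $path;

    foreach ($except as $pattern) {
        if ($pattern !== '/') {
            $pattern = trim($pattern, '/');
        }
        if ($pattern === $path) {
            return true;
        }
        // Same construction as Str::is(): quote, turn '\*' into '.*', anchor.
        $regex = '#^' . str_replace('\*', '.*', preg_quote($pattern, '#')) . '\z#u';
        if (preg_match($regex, $path) === 1) {
            return true;
        }
    }
    return false;
}

/**
 * What replaces the CSRF check on an exempt route: a shared-secret HMAC over the
 * raw request body, compared in constant time with hash_equals(). The
 * 'sha256=<hex>' header format is an assumption made for this example.
 */
function webhookSignatureValid(string $rawBody, string $headerValue, string $secret): bool
{
    if (strncmp($headerValue, 'sha256=', 7) !== 0) {
        return false;
    }
    $expected = hash_hmac('sha256', $rawBody, $secret);
    return hash_equals($expected, substr($headerValue, 7));
}

// --- constructed sample data (assumptions, not from the page) -----------------
$tight = ['/webhooks/payments'];   // one exact route, written with a leading slash
$loose = ['api/*'];                // the prefix pattern people reach for; too broad

check(csrfExempt('/webhooks/payments', $tight) === true,  'leading slash is trimmed');
check(csrfExempt('webhooks/payments/', $tight) === true,  'trailing slash is trimmed');
check(csrfExempt('/webhooks/payments/cancel', $tight) === false, 'no implicit prefix match');
check(csrfExempt('/api/v1/users', $loose) === true,       "'*' spans slashes");
check(csrfExempt('/api', $loose) === false,               "'api/*' needs the slash");
check(csrfExempt('/profile/delete', $loose) === false,    'unrelated route stays protected');

$secret = 'constructed-shared-secret';
$body   = '{"event":"payment.succeeded","id":"evt_123"}';
$sig    = 'sha256=' . hash_hmac('sha256', $body, $secret);

check(webhookSignatureValid($body, $sig, $secret) === true,        'genuine signature');
check(webhookSignatureValid($body . ' ', $sig, $secret) === false, 'tampered body');
check(webhookSignatureValid($body, 'sha256=' . str_repeat('0', 64), $secret) === false, 'forged signature');
check(webhookSignatureValid($body, '', $secret) === false,         'missing header');

echo "all checks passed\n";
```

Run it with `php csrf_except_demo.php`. The point of the first group of checks is that an entry like 'api/*' also exempts every state-changing route under that prefix, so keep $except entries to exact paths. The point of the second group is that once a route is in $except nothing else stops a cross-site form post from reaching it, so an exempt endpoint (a third-party webhook is the usual case) needs its own authentication that a browser cannot be tricked into supplying, such as the shared-secret HMAC shown here.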

Answered by Ketan Akbari

(Temporary fix. Not Recommended)


Just open Kernel.php (app/Http) and disable

App\Http\Middleware\VerifyCsrfToken::class,

Answered by umefarooq

Hi, just go to the app/Http/Kernel.php file and simply comment out line no. 31:

// \App\Http\Middleware\VerifyCsrfToken::class,