1<meta name="csrf-token" content="{{ csrf_token() }}" />
2
3<script type="text/javascript">
4$.ajaxSetup({
5 headers: {
6 'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
7 }
8});
9</script>
1public function refreshCSRFToken()
2{
3 session()->regenerate();
4 return response()->json(['token' => csrf_token()]);
5}
6
7<script>
8 setInterval(function () {
9 $.ajax({
10 url: "{{ route('updateCSRF') }}",
11 type: 'get',
12 dataType: 'json',
13 success: function (result) {
14 $('meta[name="csrf-token"]').attr('content', result.token);
15 $('input[name="_token"]').val(result.token)
16 $.ajaxSetup({
17 headers: {
18 'X-CSRF-TOKEN': result.token
19 }
20 });
21 },
22 error: function (xhr, status, error) {
23 console.log(xhr);
24 }
25 });
26 }, 15 * (60 * 1000))
27</script>
1//In laravel 7. Open file \App\Http\Middleware\VerifyCsrfToken.php
2//Disable for all routes
3
4protected $except = [
5 '*',
6];
7//Disable for some routes
8 protected $except = [
9 'mobile/*',
10 'news/articles',
11];
12//I searched for a long time how to disable CSRF completely,
13//there are many identical examples but they do not help
1<form method="POST" action="/profile">
2 @csrf
3 <input name="name">
4 <button type="submit">send</button>
5</form>