Thursday, May 24, 2018

Laravel POST API used as web routes without CSRF token

This is my scenario: we need to use some Laravel API methods in the same web app where they are stored. (I'm using Laravel 5.5.) I have the API routes used by third-party applications with a Bearer Token, and they worked like a charm. So, I've created another route group that doesn't use the "api:auth" middleware but the "auth" one (with the addition of the "web" middleware).

RouteService provider initialization (method invoked in "map" one):

    protected function mapWebApiRoutes()
    {
        Route::prefix('web_api')
            ->middleware('web')
            ->as('web_api.')
            ->namespace($this->namespace."\\API")
            ->group(base_path('routes/web_api.php'));
    }

Routes declaration:

Route::group(['prefix' => 'v1', 'middleware' => ["auth"]], function () {
    // routes....
});

So, if I run "php artisan route:list", it outputs routes like:

GET|HEAD      | web_api/v1/controller            | web_api.      | ...\API\Controller@index      | web,auth    |
POST          | web_api/v1/controller/lists      | web_api.      | ...\API\Controller@lists      | web,auth      

I've added the routes to the VerifyCsrfToken except array:

    protected $except = [
        "web_api/*"
    ];

The routes with the GET method work as well as they can when the user is logged in on our platform (through the auth middleware), but the POST routes return an unauthorized error with this body:

{message: "Unauthenticated."}

Question:

Considering that I have excluded those routes from CSRF verification, could somebody explain to me what is causing that error?



via Chebli Mohamed
