jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases 5 Packages Wiki Activity Actions

Exclude certain routes from csrf protection

Browse source
This commit is contained in:
Jonny Barnes 2024-03-23 14:18:02 +00:00
parent 03b8c1677c
commit e95186e1fd
Signed by: jonny
SSH key fingerprint: SHA256:CTuSlns5U7qlD9jqHvtnVmfYV3Zwl2Z7WnJ4/dqOaL8
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bootstrap/app.php
View file

@ -12,6 +12,13 @@ return Application::configure(basePath: dirname(__DIR__))
health: '/up', health: '/up',
) )
->withMiddleware(function (Middleware $middleware) { ->withMiddleware(function (Middleware $middleware) {
$middleware->validateCsrfTokens(except: [
'api/token',
'api/post',
'api/media',
'micropub/places',
'webmention',
]);
$middleware->append(CSPHeader::class); $middleware->append(CSPHeader::class);
}) })
->withExceptions(function (Exceptions $exceptions) { ->withExceptions(function (Exceptions $exceptions) {