How to have csrf token from mobile in Laravel Application

Question

I am building a cordova application,

In the Login Authentication

From Web, I am sending the _token , email & password .

But From Mobile, I can't generate _token as it is basically a .html file.

I planned to do a request in the form document.ready to a controller which will generate _csrf token. So that i can use that token for that request.

But it can be watched from browser's Network Tab.

How can set the csrf _token to the form without others knowledge (safe way).

Or How it can be deal without any vulnerabilities

Answer 1

to disable csrf token for a specific url follow this. First go to app/Http/Middleware/VerifyCsrfToken.php then use your url to avoid csrf token

protected $except = [
    'my/url',
];

Answer 2

You can disable CSRF token checking in your laravel application for all routes. just open app/Http/Middleware/VerifyCsrfToken.php file and add '*' in $except array

Eg.

protected $except = [
        '*'
    ]; 

my VerifyCsrfToken.php file

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '*'
    ];
}