I'm running a query within my controller which returns a callback url I would like to set this url to be my home controller so I can work with the data thats returned on the callback.
$loginUrl = $helper->getLoginUrl('http://myapp.app/home', $permissions);
I would like this url to be the controller of my route, currently this path returns the correct data in the url however I get the following error -
Cross-site request forgery validation failed. The "state" param from the URL and session do not match.
Is there a way to return the url back without getting a CSRF error.
from App\Http\Middleware\VerifyCsrfToken.php
you can define a rule that exclude csrf urls like:
protected $except = [
'vips/pay-result',
'wechat/access-entrance',
'wechat-mp/callback',
'admin/announcements_image_upload'
];
My CSRF issue was referring to the session it was trying to use when the callback happened.
Inside bootstrap/app.php I just started a session right at the top before the app was returned e.g.
session_start();