Encountering CsrfToken Issues with AJAX in Laravel

This article was originally published on bmf-tech.com . When implementing AJAX with Laravel, React, and Superagent, I encountered a 500 error. Initially, I thought, "No way it's the Token, I know better than that," but it turned out the CsrfToken was indeed the cause. Solution While you can include the Token in the header, which feels a bit hard-coded, I believe a smarter approach is to exclude the relevant URL in VerifyCsrfToken.php . Here's how you can do it: <?php namespace App\Http\Middleware; use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier; class VerifyCsrfToken extends BaseVerifier { /** * The URIs that should be excluded from CSRF verification. * * @var array */ protected $except = [ 'api/*' ]; } You can even use wildcards. Thoughts There are many articles like this, and I feel like kicking myself for falling into the same trap...