Remove CSRF from API POST functions

inex · Jan 9, 2019 · 2f05ce4 · 2f05ce4
1 parent 68ae7c1
commit 2f05ce4
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -82,20 +82,26 @@ class Kernel extends HttpKernel {
             Middleware\ControllerEnabled::class,
         ],
 
-        'public/api/v4' => [
-            'web',
+        'apibase' => [
+            Middleware\EncryptCookies::class,
+            AddQueuedCookiesToResponse::class,
+            StartSession::class,
+            ShareErrorsFromSession::class,
+            SubstituteBindings::class,
+            Middleware\ControllerEnabled::class,
             'throttle:60,1',
             'bindings',
-            'apimaybeauth',
             Middleware\ControllerEnabled::class,
         ],
 
+        'public/api/v4' => [
+            'apibase',
+            'apimaybeauth',
+        ],
+
         'api/v4' => [
-            'web',
-            'throttle:60,1',
-            'bindings',
+            'apibase',
             'apiauth',
-            Middleware\ControllerEnabled::class,
         ],
 
         'd2frontend' => [