I've just dived into Laravel, and I'm facing some challenges. First off, I had a tough time figuring out why Vite is included in Laravel by default. I heard that you can write views in React—does this mean that using JSX with Blade is possible? If not, can I keep them completely separate in their own folders?
Right now, my major issue is trying to remove the CSRF token from cookies since my project doesn't have any APIs, and I believe I don't need them. I thought removing it would be an easy config change, but it's been trickier than anticipated. Plus, once I get that sorted, I'm hoping to set the SameSite attribute to strict rather than lax. Any suggestions?
6 Answers
Just so you know, Vite is a popular choice for working with React projects. It's included with Laravel to support modern front-end workflows, but you can certainly separate React if that's your style. Glad to hear you figured out how to remove it!
Laravel is hands down my favorite framework, period! But hey, if it makes you feel better to blame your learning curve on the framework, that's up to you.
Is there even a config option to just turn off CSRF cookies?
Honestly, if you don't plan on having an API, you might want to reconsider using Laravel altogether. It’s an amazing framework, but it shines with full-stack applications.
I thought it would still help with user input validation and role-based authorization. Doesn't Laravel offer those features easily?
As opposed to what other frameworks?
It sounds like you might benefit from some deeper reading of the documentation. It can really help clarify things about CSRF and other configurations you’re struggling with.
I’ve looked through docs, videos, and even tried using AI for assistance, but I’m still stuck.
Make sure to choose the right starter kit for your Laravel project. Sometimes, going with a different setup can streamline your experience from the get-go!
Check out these links on how to disable the CSRF middleware if you’re looking to adjust that. You might find some insights in the code examples provided. Here's one link: [GitHub example](https://github.com/search?q=+%3EwithoutMiddleware+language%3APHP+csrf&type=code) and [Laravel docs](https://laravel.com/docs/12.x/middleware#excluding-middleware).
I'm not looking to exclude it; I want to completely disable the cookies. I might have to extend the default classes to achieve that.
What do you mean by 'hands down'? Is that just your opinion, or is there an objective reason for it?