Cross-site request forgeries are a type of malicious exploit whereby
unauthorized commands are performed on behalf of the authenticated
user.
Allowing users to submit your form from an iframe on a different
domain is exactly the kind of thing Laravels CSRF protection is trying
to prevent.
There is a way to disable CSRF verification for certain URL's. You can add a new item to the$exceptarray to exclude that url from CSRF verification.
Http/Middleware/VerifyCsrfToken.php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'your/uri'
];
}
