In Laravel, clients don’t need to initialize CSRF tokens under the following conditions:
- Cookie and Session-based Authentication: When using cookie and session-based user authentication, and the route being accessed is part of
web.phpwith theApp\Http\Middleware\VerifyCsrfTokenmiddleware enabled, CSRF tokens are required.