Again, this exception is based on in-built application security. Error 419 or Page Expired comes when we do not include CSRF_TOKEN in the html form body, since forms are usually the way to POST data to another file or controller.

Excluding routes from CSRF Protection

Sometimes there may be situations where we might want to allow some routes without CSRF_TOKEN, we can simply add those URIs or routes in VerifyCsrfToken middleware’s except array like this

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
‘stripe/*’,
‘http://example.com/foo/bar’,
‘http://example.com/foo/*’,
];
}