Again, this exception is based on in-built application security. Error 419 or Page Expired comes when we do not include CSRF_TOKEN in the html form body, since forms are usually the way to POST data to another file or controller.
Excluding routes from CSRF Protection
Sometimes there may be situations where we might want to allow some routes without CSRF_TOKEN, we can simply add those URIs or routes in VerifyCsrfToken middleware’s except array like this
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
* The URIs that should be excluded from CSRF verification.
* @var array
protected $except = [