furniture/app/Http/Middleware/VerifyCsrfToken.php

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
use Closure;
class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
        "wechat",
        "notify",
        "admin/Base/Attachment/*",
        '/web/notify-account'
    ];

    public function handle($request, Closure $next)
    {
        // 如果是来自 api 域名，就跳过检查

        $QUERY_STRING = explode('/', $_SERVER['QUERY_STRING']);
        // dd($QUERY_STRING);die;
        if($QUERY_STRING[0] == 'route=admin' && $QUERY_STRING[1] == 'Base' && $QUERY_STRING[2] == 'Attachment'){
            return $next($request);
        }

        if($QUERY_STRING[0] == 'route=wechat'){
            return $next($request);
        }
        if($QUERY_STRING[0] == 'route=Api'){
            return $next($request);
        }

        if($QUERY_STRING[0] == 'route=notify'){
            return $next($request);
        }
        return parent::handle($request, $next);



    }
}