<?php
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     * Add legacy endpoints that post from old JS which don't include tokens.
     *
     * @var array<int, string>
     */
    protected $except = [
        'chat_post',
        'chat_post/*',
        'api/art/*/view',
        // Apple Sign In removed — no special CSRF exception required
    ];
}