Nice idea on adding the token header. The PR looks good but will some actual test within the week. Thanks!

I think we should also note that there is an implication here on the routes. If you are using resource controller, then the request would go to the store method.

@yajra Yeah, you are right, thanks for reminding. I did not notice resource controllers as I use my custom resource routes&controller instead of Laravel built-inRoute::resource().

Adding a POST route to index may be a workaround?

Route::post('users','UserController@index');Route::resource('users','UserController', ['except' =>'store']);

I know it is not an elegant solution, I am not familiar with Laravel resource controller...

Another solution: setX-HTTP-Method-Override HTTP header toGET, withPOST Ajax method. And we don't need to set CSRF token.

- if (app()->bound('session') && $token = app('session')->token()) {-     $attributes = Arr::add($attributes, 'headers.X-CSRF-TOKEN', $token);- }+ Arr::set($attributes, 'headers.X-HTTP-Method-Override', 'GET');

But we should note that usingpostAjax() does not mean your route method should be POST as well, contrarily, you need to register your route as GET. is this a problem?

Another solution: Remove parameters forpostAjax(), and thepostAjax() just acts "Ajax via POST":

$builder->ajax(...)->postAjax();

Or maybe better to do this by changingBuilder::ajax() method:

publicfunction ajax($attributes ='',$post =false)

I will submit a new PR for this.

Released on v3.3.0 🎊 🚀