diff --git a/src/broadcasting/src/BroadcastManager.php b/src/broadcasting/src/BroadcastManager.php
index 202dd29bb..e72ad20f5 100644
--- a/src/broadcasting/src/BroadcastManager.php
+++ b/src/broadcasting/src/BroadcastManager.php
@@ -24,6 +24,7 @@
 use Hypervel\Bus\UniqueLock;
 use Hypervel\Cache\Contracts\Factory as Cache;
 use Hypervel\Foundation\Http\Kernel;
+use Hypervel\Foundation\Http\Middleware\VerifyCsrfToken;
 use Hypervel\ObjectPool\Traits\HasPoolProxy;
 use Hypervel\Queue\Contracts\Factory as Queue;
 use InvalidArgumentException;
@@ -73,7 +74,10 @@ public function __construct(
     public function routes(array $attributes = []): void
     {
         if ($this->app->has(Kernel::class)) {
-            $attributes = $attributes ?: ['middleware' => ['web']];
+            $attributes = $attributes ?: [
+                'middleware' => ['web'],
+                'without_middleware' => [VerifyCsrfToken::class],
+            ];
         }
 
         $kernels = $this->app->get(ConfigInterface::class)
@@ -95,7 +99,10 @@ public function routes(array $attributes = []): void
      */
     public function userRoutes(?array $attributes = null): void
     {
-        $attributes = $attributes ?: ['middleware' => ['web']];
+        $attributes = $attributes ?: [
+            'middleware' => ['web'],
+            'without_middleware' => [VerifyCsrfToken::class],
+        ];
 
         $this->app->get(RouterDispatcherFactory::class)->getRouter()
             ->addRoute(
diff --git a/tests/Broadcasting/BroadcastManagerTest.php b/tests/Broadcasting/BroadcastManagerTest.php
index a051adb68..d32456a5d 100644
--- a/tests/Broadcasting/BroadcastManagerTest.php
+++ b/tests/Broadcasting/BroadcastManagerTest.php
@@ -5,6 +5,7 @@
 namespace Hypervel\Tests\Broadcasting;
 
 use Hyperf\Contract\ConfigInterface;
+use Hyperf\HttpServer\Router\DispatcherFactory as RouterDispatcherFactory;
 use Hypervel\Broadcasting\BroadcastEvent;
 use Hypervel\Broadcasting\BroadcastManager;
 use Hypervel\Broadcasting\Channel;
@@ -19,6 +20,8 @@
 use Hypervel\Container\DefinitionSource;
 use Hypervel\Context\ApplicationContext;
 use Hypervel\Foundation\Application;
+use Hypervel\Foundation\Http\Kernel;
+use Hypervel\Foundation\Http\Middleware\VerifyCsrfToken;
 use Hypervel\Queue\Contracts\Factory as QueueFactoryContract;
 use Hypervel\Support\Facades\Broadcast;
 use Hypervel\Support\Facades\Bus;
@@ -117,6 +120,66 @@ public function testThrowExceptionWhenUnknownStoreIsUsed()
 
         $broadcastManager->connection('alien_connection');
     }
+
+    public function testRoutesExcludesCsrfMiddleware(): void
+    {
+        $capturedAttributes = null;
+
+        $router = m::mock('router');
+        $router->shouldReceive('addRoute')
+            ->once()
+            ->withArgs(function ($methods, $path, $handler, $attributes) use (&$capturedAttributes) {
+                $capturedAttributes = $attributes;
+                return true;
+            });
+
+        $routerFactory = m::mock('routerFactory');
+        $routerFactory->shouldReceive('getRouter')
+            ->with('http')
+            ->andReturn($router);
+
+        $config = m::mock(ConfigInterface::class);
+        $config->shouldReceive('get')
+            ->with('server.kernels', [])
+            ->andReturn(['http' => []]);
+
+        $app = m::mock(ContainerInterface::class);
+        $app->shouldReceive('has')->with(Kernel::class)->andReturn(true);
+        $app->shouldReceive('get')->with(ConfigInterface::class)->andReturn($config);
+        $app->shouldReceive('get')->with(RouterDispatcherFactory::class)->andReturn($routerFactory);
+
+        $broadcastManager = new BroadcastManager($app);
+        $broadcastManager->routes();
+
+        $this->assertSame(['web'], $capturedAttributes['middleware']);
+        $this->assertSame([VerifyCsrfToken::class], $capturedAttributes['without_middleware']);
+    }
+
+    public function testUserRoutesExcludesCsrfMiddleware(): void
+    {
+        $capturedAttributes = null;
+
+        $router = m::mock('router');
+        $router->shouldReceive('addRoute')
+            ->once()
+            ->withArgs(function ($methods, $path, $handler, $attributes) use (&$capturedAttributes) {
+                $capturedAttributes = $attributes;
+                return true;
+            });
+
+        $routerFactory = m::mock('routerFactory');
+        $routerFactory->shouldReceive('getRouter')
+            ->andReturn($router);
+
+        $app = m::mock(ContainerInterface::class);
+        $app->shouldReceive('get')->with(RouterDispatcherFactory::class)->andReturn($routerFactory);
+
+        $broadcastManager = new BroadcastManager($app);
+        $broadcastManager->userRoutes();
+
+        $this->assertSame(['web'], $capturedAttributes['middleware']);
+        $this->assertSame([VerifyCsrfToken::class], $capturedAttributes['without_middleware']);
+    }
 }
 
 class TestEvent implements ShouldBroadcast