
princeparaste's avatar

Getting 302 redirect error on laravel ajax requests.

I am getting a 302 redirect error when I use an AJAX GET request on my website.

This is my AJAX code:

function load_photos(){
    let albumid = $('input[name=_album_id]').val();
    $.ajax({
        url: BASE_URL+'/photos/get/'+albumid,
        headers: {
            'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        },
        cache: false,
        success: function(res){
            $(".uploaded-images").html(res.data);
        }
    });
}

In my controller, at the end I am just returning a JSON response:

public function get__photos($id){
    $albumid = Crypt::decrypt($id);
    $view['album'] = Photo::where('albumid',$albumid)->get();
    $album = view('upload.partial.photos',$view)->render();
    return response()->json(['status' => true, 'data' => $album]);
}

When the AJAX request runs, I get no response in inspect element and get only a 302 response.

Note: The AJAX works perfectly fine when I run https://www.domain.com, but it doesn't work on https://domain.com.

ON AJAX GET REQUEST I AM GETTING => 302 Found

ON AJAX POST REQUEST I AM GETTING => 419 unknown status

Snapey's avatar

the headers will tell you where you are being redirected to... probably the login route

princeparaste's avatar

When I run the AJAX request, 2 requests get fired; in one I get 302 and in the other I get 200, and I think it's going to the login page.

https://imgur.com/PwczwIq

I don't get it. Why am I even being redirected? How can I fix this?

frankielee's avatar

When I run the AJAX request, 2 requests get fired; in one I get 302 and in the other I get 200, and I think it's going to the login page.

Check your middleware or any authentication implemented.

It is probably due to the unauthenticated issue.

Snapey's avatar

because your ajax endpoint is wrapped in auth middleware

On the page that is sending the ajax request, have you previously logged in?

Snapey's avatar

depends what you have for session cookie domain and same_site

See config/session.php

princeparaste's avatar

This is my session file. It is the default that comes with Laravel 8.

<?php

use Illuminate\Support\Str;

return [

    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "dynamodb", "array"
    |
    */

    'driver' => env('SESSION_DRIVER', 'file'),

    /*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => env('SESSION_LIFETIME', 120),

    'expire_on_close' => false,

    /*
    |--------------------------------------------------------------------------
    | Session Encryption
    |--------------------------------------------------------------------------
    |
    | This option allows you to easily specify that all of your session data
    | should be encrypted before it is stored. All encryption will be run
    | automatically by Laravel and you can use the Session like normal.
    |
    */

    'encrypt' => false,

    /*
    |--------------------------------------------------------------------------
    | Session File Location
    |--------------------------------------------------------------------------
    |
    | When using the native session driver, we need a location where session
    | files may be stored. A default has been set for you but a different
    | location may be specified. This is only needed for file sessions.
    |
    */

    'files' => storage_path('framework/sessions'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Connection
    |--------------------------------------------------------------------------
    |
    | When using the "database" or "redis" session drivers, you may specify a
    | connection that should be used to manage these sessions. This should
    | correspond to a connection in your database configuration options.
    |
    */

    'connection' => env('SESSION_CONNECTION', null),

    /*
    |--------------------------------------------------------------------------
    | Session Database Table
    |--------------------------------------------------------------------------
    |
    | When using the "database" session driver, you may specify the table we
    | should use to manage the sessions. Of course, a sensible default is
    | provided for you; however, you are free to change this as needed.
    |
    */

    'table' => 'sessions',

    /*
    |--------------------------------------------------------------------------
    | Session Cache Store
    |--------------------------------------------------------------------------
    |
    | While using one of the framework's cache driven session backends you may
    | list a cache store that should be used for these sessions. This value
    | must match with one of the application's configured cache "stores".
    |
    | Affects: "apc", "dynamodb", "memcached", "redis"
    |
    */

    'store' => env('SESSION_STORE', null),

    /*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */

    'lottery' => [2, 100],

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Name
    |--------------------------------------------------------------------------
    |
    | Here you may change the name of the cookie used to identify a session
    | instance by ID. The name specified here will get used every time a
    | new session cookie is created by the framework for every driver.
    |
    */

    'cookie' => env(
        'SESSION_COOKIE',
        Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
    ),

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */

    'path' => '/',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */

    'domain' => env('SESSION_DOMAIN', null),

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */

    'secure' => env('SESSION_SECURE_COOKIE'),

    /*
    |--------------------------------------------------------------------------
    | HTTP Access Only
    |--------------------------------------------------------------------------
    |
    | Setting this value to true will prevent JavaScript from accessing the
    | value of the cookie and the cookie will only be accessible through
    | the HTTP protocol. You are free to modify this option if needed.
    |
    */

    'http_only' => true,

    /*
    |--------------------------------------------------------------------------
    | Same-Site Cookies
    |--------------------------------------------------------------------------
    |
    | This option determines how your cookies behave when cross-site requests
    | take place, and can be used to mitigate CSRF attacks. By default, we
    | will set this value to "lax" since this is a secure default value.
    |
    | Supported: "lax", "strict", "none", null
    |
    */

    'same_site' => 'lax',

];
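
The session cookie domain setting discussed above can be checked against the two hosts from the original post. This is an added example, not code from the thread: it models the RFC 6265 cookie rules for the 'domain' value in config/session.php. The function names are made up for illustration, and the IP-address and public-suffix checks a browser also performs are left out.

```javascript
// Added example: RFC 6265 cookie scoping for the hosts named in the thread.
// laravelDomain mirrors the 'domain' value in config/session.php.

// RFC 6265 section 5.1.3: the host is identical to the cookie domain,
// or it ends with "." + domain (a subdomain of it).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Model what the browser stores when `setByHost` sends Set-Cookie.
// 'domain' => null means no Domain attribute, which gives a host-only cookie.
function storeCookie(setByHost, laravelDomain) {
  if (laravelDomain === null) {
    return { domain: setByHost.toLowerCase(), hostOnly: true };
  }
  // A leading dot in the Domain attribute is ignored (section 5.2.3).
  const domain = laravelDomain.replace(/^\./, '').toLowerCase();
  // A Domain attribute the setting host does not match is rejected outright.
  if (!domainMatch(setByHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for requestHost?
function cookieSent(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Which of the given hosts receive the session cookie?
function hostsReceiving(setByHost, laravelDomain, hosts) {
  const cookie = storeCookie(setByHost, laravelDomain);
  return hosts.filter((h) => cookieSent(cookie, h));
}

const HOSTS = ['www.domain.com', 'domain.com']; // hosts from the original post

// Default config ('domain' => null): the cookie stays on the host that set it.
console.log(hostsReceiving('www.domain.com', null, HOSTS));
// SESSION_DOMAIN=.domain.com: one session cookie covers both hosts.
console.log(hostsReceiving('www.domain.com', '.domain.com', HOSTS));
```

With the default null domain, a session started on one host is not presented to the other, so a route behind auth middleware sees that request as unauthenticated.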

GuntarV's avatar

Hi @princeparaste, were you able to figure out what was causing the 302?

Now, out of the blue :) I am getting it too. Here is my post: https://laracasts.com/discuss/channels/laravel/405-method-not-allowed-when-validation-fails

I am getting the 302 only when validation fails, if validation passes everything works as expected.

What's even more puzzling is that it worked earlier, but now, I am not sure since when, it is not working. For me the validation is not working.

I will try to remove middleware and see what happens. I see in this post @snapey points out that it may be a middleware issue. For me it's still a mystery, I get the 302 error only if validation fails.

Any thoughts / suggestions are always much appreciated.

Happy New Year to you guys!
