
Polinicles's avatar

CSRF Token

Hi there!

I've just started a new app with Laravel 5.1 and I've found myself with many problems. I've created a simple registration-login system for the users and I used some Events + Jobs in my Controller to create the new user, send the registration e-mail, etc. BUT if I use the Events/Jobs I can't stop getting a TokenMismatchException in the VerifyCsrfToken.php.

As far as I know:

  • Laravel provides CSRF protection by default in any Form POST request. If I dd() a normal $request (without adding the CSRF Token) I can see the token.
  • Laravel 5.1 has a global CSRF Middleware for all Requests.

So...

  1. Why do I have to put an extra token in my form? {!! csrf_field() !!}
  2. What is the correct use of this Middleware? Should I add it only when I'm sending a Form with a POST method?
  3. When should I exclude the CSRF Middleware?
  4. Why do I get the Exception when firing events/jobs from the Controller in a post method?

All answers will be welcomed,

Thank you in advance

0 likes
6 replies
christopher's avatar

Without the old HTML Package you have to include the csrf Token in your Form manually.

<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">

-> http://laravel.com/docs/master/routing#csrf-protection

The Middleware is protecting your Requests. For example, you also use Middleware to make a Role Based Management System. -> http://laravel.com/docs/master/middleware

For example, if you're building an app with Angular, CSRF is protecting you.

Take a bit and read also the awesome docs.

1 like
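
The check that the hidden `_token` field in the answer above feeds into, as an added example that is not part of the thread and is not Laravel's own VerifyCsrfToken code. The function names and the array-based session and request are assumptions for this sketch, and it assumes PHP 7.1 or later.

```php
<?php
// Added illustration of a synchronizer-token check; not Laravel's middleware source.
// issueToken(), verifyCsrf() and the array "session"/"request" are hypothetical names.

class TokenMismatch extends RuntimeException {}

// Issue one random token per session; the form field and the meta tag both echo this value.
function issueToken(array &$session): string
{
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20));
    }
    return $session['_token'];
}

// Reject state-changing requests whose submitted token does not match the session token.
function verifyCsrf(array $session, string $method, array $input, array $headers): void
{
    // Read-only methods carry no token and are let through.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return;
    }
    // The token arrives either as the hidden _token field or as the X-CSRF-TOKEN header.
    $sent = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    $expected = $session['_token'] ?? null;
    // hash_equals compares in constant time; a missing token on either side is a mismatch.
    if (!is_string($sent) || !is_string($expected) || !hash_equals($expected, $sent)) {
        throw new TokenMismatch('CSRF token mismatch');
    }
}

// Constructed requests against one constructed session.
$session = [];
$token = issueToken($session);
$cases = [
    'GET without token'       => ['GET',  [], []],
    'POST with form field'    => ['POST', ['_token' => $token], []],
    'POST with header (AJAX)' => ['POST', [], ['X-CSRF-TOKEN' => $token]],
    'POST without token'      => ['POST', [], []],
    'POST with forged token'  => ['POST', ['_token' => str_repeat('0', 40)], []],
];
foreach ($cases as $label => [$method, $input, $headers]) {
    try {
        verifyCsrf($session, $method, $input, $headers);
        echo "$label: accepted\n";
    } catch (TokenMismatch $e) {
        echo "$label: rejected\n";
    }
}
```

The token is visible in the session on every request, but a POST is only accepted when the client sends the same value back, which is why the form still needs the field or the header.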
Polinicles's avatar

Thank you for your answer!

I'm currently using the illuminate/html package so then I don't have to add it, do I?

The official documentation says: "You do not need to manually verify the CSRF token on POST, PUT, or DELETE requests."

I guess that the only thing I have to put is the csrf_token() in the meta tag of the header, don't I?

Do you have any idea why I had so many errors just because I used the Events/Jobs in the Controller's POST method? I removed them from my method and stopped having the TokenMismatchException in the VerifyCsrfToken.php.

ricardovigatti's avatar

I noticed, but if I got here, it is likely that others will also arrive. xD
