Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

randm's avatar

TokenMismatchExpection when posting from inside an iframe

I have a page running on http://some.example.com. This page have an iframe. The iframe source/contains a Laravel 5.2 base application.

My Laravel page URL "which is the source of the iframe" is https://laravel.example.com.

https://laravel.example.com has a form with a submit button. When a use clicks it, he/she hits another route on the same domain i.e. https://laravel.example.com/disply/survey

But every time, I submit the form I get the following exception

TokenMismatchException in VerifyCsrfToken.php line 67:

Here is my form

    <form method="POST" action="https://laravel.example.com/disply/survey" accept-charset="UTF-8" class="form">
<input name="_token" type="hidden" value="Dk6SN4WzO4brbvdnBO6JZ7e1lBGjmYz8GQJ1lYFo">
<input name="survey_id" type="hidden" value="10">
<input name="call_id" type="hidden" value="667">
<input name="pools" type="hidden">

<input name="alt_id_1" type="hidden" value="250">
<input name="alt_id_2" type="hidden" value="5">
<input name="alt_id_3" type="hidden">
<input name="alt_id_4" type="hidden">
<input name="alt_id_5" type="hidden">
<input name="alt_id_6" type="hidden">
<input name="alt_id_7" type="hidden">
<input name="alt_id_8" type="hidden">
<input name="alt_id_9" type="hidden">
<input name="alt_id_10" type="hidden">


<input name="alt_string_1" type="hidden">
<input name="alt_string_2" type="hidden">
<input name="alt_string_3" type="hidden">
<input name="alt_string_4" type="hidden">
<input name="alt_string_5" type="hidden">
<input name="alt_string_6" type="hidden">
<input name="alt_string_7" type="hidden">
<input name="alt_string_8" type="hidden">
<input name="alt_string_9" type="hidden">
<input name="alt_string_10" type="hidden">

<div class="text-center"> 
    <input class="btn btn-primary" type="submit" value="Start Survey">
</div>

</form>

The form works perfectly outside of the iframe. The problem only happens when I am inside the iframe.

What could be causing this issue? How can I correct the problem?

0 likes
3 replies
bashy's avatar

Check the token in the iframe and see if it changes on each reload (it shouldn't). If it changes, it means it's starting a new session each time. Probably something to do with the cookie path or setting.

What's your iframe setting for web server software? All allowed?

randm's avatar

@bashy how would I know my setting for iframe? I did not know iframes have settings. I am using IE.

bashy's avatar

It could be on the server settings (web server software). Not really sure on it though.

Please or to participate in this conversation.