Level 102
You need to use a regular form where you set csrf yourself. Or just make it a get request from an <a tag
Personally I generate a signed url that expires https://laravel.com/docs/9.x/urls#signed-urls
Oct 14, 2022
6
Level 1
Inertia and PhpSpreadSheet
Hi all,
I am not able to generate an Excel file with PhpSpreadSheet (using maatwebsite/excel) from a post link in Inertia :
- if I use Inertia.post() function I get the result in a modal with all the Excel file caracters showing
- if I use a conventional form post to avoid an Inertia response I get a HTTP error 419 (certainly because of the CSRF token missing)
Do you have any idea how I can do it ? Thanks for your answers...
Level 1
Hi @sinnbeck , thank you for your message !
I'd prefer to do a post request, I am not sure it is possible with an anchor tag. Here is what I tried with a regular form :
<form method="post" :action="route('vehicle.findxls')" target="_blank">
<input type="hidden" name="param_id"/>
<button class="w-36" type="submit">Export</button>
</form>
I keep getting HTTP 419 error. I have no idea how to add the CSRF token in the form (I use Inertia with Vue3 and script setup)...
For information here is my controller (Laravel 9) :
public function findxls(Request $request)
{
$selectVh = Vehicle::where('param_id',$request->input('param_id'));
return Excel::download(new FindVehiclesExport($selectVh->get()), 'vehicles.xlsx');
}
Thanks again for your advices.
Level 102
@Pierre_AIR You can get it from the page cookies. This is how axios does it
cookieStore.get('XSRF-TOKEN').then(function(foo) {
console.log(foo.value) //append value to the form as a hidden input with `name="_token"`
})
//or
const token = await cookieStore.get('XSRF-TOKEN')
//usage {{token.value}}
Or a much more simple thing would be to disable it for that one route https://laravel.com/docs/9.x/csrf#csrf-excluding-uris
Level 1
Thanks @sinnbeck . Unfortunately the XSRF-TOKEN cookie is the encrypted value of csrf_token, if I put its value in an input named _token it doe not work :
import VueCookies from "vue-cookies";
const xsrf_token = $cookies.get("XSRF-TOKEN");
<!-- doesn't work because XSRF is not CSRF -->
<input type="hidden" name="_token" :value="xsrf_token" />
What I did instead is get the CSRF value in my input method of the controller :
/**
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function search()
{
return Inertia::render('Vehicles/Search', [
...
'csrf_token' => csrf_token(),
]);
}
And retrieve it as a props
const props = defineProps({
...
csrf_token: String,
});
It works but I thought there would be a more clever solution... Thanks anyway for your time and effort, have a good day !
Level 102
@Pierre_AIR happy to help
Level 1
I'm facing the same issue. I still feel, the csrf way is not the legit way. @sinnbeck @pierre_air I even posted the question in stack https://stackoverflow.com/questions/78020541/export-excel-file-in-laravel-using-inertia-js Were you guys able to find some other way, or can you look into this?
Please or to participate in this conversation.