akashpatel's avatar

419 CSRF token Unknown status handle

Hello,

I have a one-page website built with the latest Laravel, with forms in steps.

Each step makes an AJAX request and gets the data from controllers.

But sometimes a 419 comes because the Laravel session has expired. So at that moment, how can I handle the 419 unknown status error?

I already pass the CSRF token in a meta tag:

    <meta name="csrf-token" content="{{ csrf_token() }}" />

And with the AJAX request:

    $.ajaxSetup({
        headers: {
            'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        }
    });

The problem is: how can I tell the user that they need to refresh the page once a 419 comes in an AJAX POST request? I mean, how do I handle it? Is there any idea?

I tried from the last 3 days to fix it.

Thanks in advance.

Akash Patel

0 likes
19 replies
bugsysha's avatar

Why would you worry about such an edge case? If they get 419 then they will just refresh the page. No harm is done. That is expected when you leave your page open for a long time.

akashpatel's avatar

Yup, you are right. But how does the user know they need to refresh the page? That's why I need to handle it.

gzai's avatar

Add this to your App\Exceptions\Handler.php:

    public function render($request, Exception $exception)
    {

        if ($exception instanceof \Illuminate\Session\TokenMismatchException) {
            return redirect('/login');
        }

        return parent::render($request, $exception);
    }
bugsysha's avatar

@gzai that is an AJAX request, so a redirect will not help. And if the token is not valid, that does not mean that they have to sign in.

@akashpatel when you receive your response from the backend, check if it has a 419 status code and, if so, add a popup notification that they need to refresh the page.

akashpatel's avatar

@bugsysha yup you are right.

but when I go for a response check from the backend before 419 comes. that's the problem.

:(

akashpatel's avatar

@bugsysha

my request is :

Request Method: POST
Status Code: 419 unknown status
Remote Address: 54.188.16.41:443
Referrer Policy: no-referrer-when-downgrade
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: application/json
Date: Thu, 30 Apr 2020 11:59:43 GMT
Server: nginx
Set-Cookie: laravel_session=eyJpdiI6IlRHNkNEWTVqaWV6RHdmdDdMb3FPMEE9PSIsInZhbHVlIjoidzBNMjFuaFJuOFA0eVRqMTkyK0d6K3NtVUR2RUNcL1YzUmlreUdVakFuNEtlK0tTanpQaDlkN25JdEdtaDNQNDUiLCJtYWMiOiIzMWEyZWI0OWZkZjUxMzI2MGU3ZDhjMjkzMjk4NGYyYjYzOWJjZDY1ZTQzZjYyZjc4YWEzMGMxNDk4M2M0M2ZkIn0%3D; path=/; httponly
Transfer-Encoding: chunked

Request header :

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,da;q=0.8,de;q=0.7
Connection: keep-alive
Content-Length: 68
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: cenable=yes; _ga=GA1.2.388989434.1588235149; _gid=GA1.2.1931136376.1588235149; mousestats_vi=7bd00c2e897e47da7621; _uetsid=_uet3d73bd44-9d52-1c56-67a2-da3639f3499a; mousestats_si=2a8992f7156d167fea0d; XSRF-TOKEN=eyJpdiI6IkRnbkNxT1oxaUppTWpaY3VJTDY3OUE9PSIsInZhbHVlIjoiRnBFS1NuQ1haR2U3b2pKUkQ2WjVWczdsS21ma3FDT1FMQVA5UmhvYmgzeHFLRXZwXC9nSVdEeFNkVTBzXC9jWkJHIiwibWFjIjoiMDg2NmZhODY4ZTE0ZDFlOGM2ZDMzN2JiZGNlOGM0M2Y1NGViODAzZTM3YTAwZGNiYTU2ZWM4MjY4MmIwYWNlOSJ9; laravel_session=eyJpdiI6IkYwZDJIWXJrSmhXckdaNmxYQ0Via1E9PSIsInZhbHVlIjoiNVBJTjZQeGZqUWl0QmpONDQzOFUrSktSczlWZmtJNUFwNytNNGdkYnZwem9LcVRrbFFaQ0NhY2NxS0hnWFZzZyIsIm1hYyI6IjVhNGMxZDMxNmFkZTkyMDcxZGMwMGI2YjgwOTFmNzgzNjVlZWUwMzYwOGJlMzhkZjcwZDZkZDQxM2NiM2I1NmEifQ%3D%3D
Host:
Origin: 
Referer: 
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
X-CSRF-TOKEN: J5ojB2j8Mamuk6o2Hq96n0TVEZGyE4paWa8e4gaZ
X-Requested-With: XMLHttpRequest

Response is (given error due to 419):

{message: "", exception: "Symfony\Component\HttpKernel\Exception\HttpException",…}
exception: "Symfony\Component\HttpKernel\Exception\HttpException"
file: "/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php"
line: 203
message: ""

This is what my AJAX request looks like. Maybe it helps you to understand.

bugsysha's avatar

What do you get when you set APP_DEBUG=false in your .env?

bugsysha's avatar

And what is then the response status code?

akashpatel's avatar

Status Code: 419 unknown status

as per the above screenshot.

gzai's avatar

Status Code: 419 unknown status, permission on the storage folder? maybe can't write session.

bugsysha's avatar

So you have the required status code. Based on that response code, show a notification.

akashpatel's avatar

But how can I get the response code in the AJAX response? I looked at the response tab and it's just message: ''
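The status check suggested in the replies above, as an added example that is not part of the original thread: the 419 is read from the `status` property of the jqXHR object rather than from the (empty) JSON body, the user is prompted once, and further requests are held back until the page is reloaded so a fresh CSRF token is issued. The names `createCsrfExpiryHandler`, `notify` and `reload` are hypothetical.

```javascript
// Added example: central handling of Laravel's 419 (CSRF token mismatch after
// the session expired) for jQuery AJAX calls. All names here are illustrative.
function createCsrfExpiryHandler({ notify, reload }) {
  let expired = false; // once the token is stale, every later POST fails too

  return {
    // Pass the jqXHR from an error / ajaxError callback.
    // Returns true when the failure was a 419 and has been handled here.
    onError(jqXHR) {
      // The HTTP status is on jqXHR.status; the response body for a 419
      // only carries an empty "message", as seen in the thread.
      if (jqXHR.status !== 419) return false; // leave it to other handlers
      if (!expired) {
        expired = true; // notify only once, not for every queued request
        notify('Your session has expired. Reload the page to continue.', reload);
      }
      return true;
    },
    // Use from beforeSend: jQuery cancels the request when it returns false.
    allowRequest() {
      return !expired;
    },
  };
}

// Browser wiring, skipped when jQuery is not present.
if (typeof window !== 'undefined' && typeof window.jQuery !== 'undefined') {
  const $ = window.jQuery;
  const handler = createCsrfExpiryHandler({
    notify: (msg, reload) => { if (window.confirm(msg)) reload(); },
    reload: () => window.location.reload(), // a reload renders a fresh token
  });

  $.ajaxSetup({
    headers: { 'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content') },
    beforeSend: () => handler.allowRequest(),
  });

  // Global hook: fires for every failed request made through jQuery.
  $(document).on('ajaxError', (event, jqXHR) => { handler.onError(jqXHR); });
}
```

CSRF verification stays enabled on the server; the client only reacts to the rejection.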

akashpatel's avatar

@bugsysha Sorry for the delay...

I changed my flow, so now it's a shortcut. Thank you for the suggestion @bugsysha and others.

Appreciate it.

Thanks
