@alinawaz Do you make the call from the same application or you are trying the request from a different application? If you use the same app, is it Laravel 6 your project?

Do you have this part in your bootstrap.js file, or in your app.js file?

window.axios = require('axios');

window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';

/**
 * Next we will register the CSRF Token as a common header with Axios so that
 * all outgoing HTTP requests automatically have it attached. This is just
 * a simple convenience so we don't have to attach every token manually.
 */

let token = document.head.querySelector('meta[name="csrf-token"]');

if (token) {
    window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
} else {
    console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
}

Share some code will be helpful as well.

i have this part of code in laravel 6.0

@alinawaz but you also have this in your main layout:

 <meta name="csrf-token" content="{{ csrf_token() }}">

In the head of your HTML right? On every page?

Can you share some code please?

is it possible to use the csrf token out side the form tag in laravel 6.0

this is my code of login page

Admin - Login {{----}} @csrf

Login

Sign In to your account

Login

There is no point on using it outside of a form. Is your view .blade.php as it seems like it is not compiled as it should.

A) if I am using the ajax call from delete or get the data from the specify id against then used the csrf token out side the form

B) or by mistake I am using the csrf token outside the then is this token create problem from my application ??

@alinawaz token is required for each HTTP verb, except for GET.

So if you are using AJAX, then the token should be attached to the header of your AJAX request, not in the form.

For that this is how you use it:

https://stackoverflow.com/a/41867849/1457270

My project is running well in local server but I am upload this project on server and try to use the is application on live server then get the error on the console network CSRF token mismatch but the request status is 200 on all function like login or search

have you any idea what is the error on my project

Do you have everything setup correctly on your server. Your .env file?

Have you run php artisan key:generate ? Do you have the correct APP_URL?

APP_NAME=Laravel APP_ENV=local APP_KEY=base64:xRg7lDe0JyBIsbHzdevV0D/dJYGbUklCorDncAvj/xE= APP_DEBUG=true APP_URL=http://localhost

LOG_CHANNEL=stack

DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=untyme DB_USERNAME=root DB_PASSWORD=

BROADCAST_DRIVER=log CACHE_DRIVER=file QUEUE_CONNECTION=sync SESSION_DRIVER=file SESSION_LIFETIME=120

REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379

MAIL_DRIVER=smtp MAIL_HOST=smtp email MAIL_PORT=587 [email protected] MAIL_PASSWORD=123456 MAIL_ENCRYPTION=ssl MAIL_FROM_ADDRESS=Untyme MAIL_FROM_NAME==

AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET=

PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY=my value MIX_PUSHER_APP_CLUSTER= my value

this is my .env file but I do not run this command on local server php artisan key:generate

@alinawaz so your URL should not be localhost on your server right?

After this change I am getting the same error on the server

@alinawaz here is some response to this:

https://laracasts.com/discuss/channels/laravel/csrf-token-mismatch-when-moved-to-new-server

so try clearing your session on the server:

php artisan cache:clear

After use this command which file are use to upload on server

@alinawaz this just clears anything you have cached.. What do you mean what files should be uploaded to the server? Don't you have your project on the server already?

How did you uploaded the project to the server? FTP, Git, anything?

my project is already on the FTP server

this is the url from my site http://untyme.com/untyme/public/

you can check that is error on live server (token mismatch) but on local server this project are running well

Here is a guide on how to deploy using FTP

https://medium.com/laravel-news/the-simple-guide-to-deploy-laravel-5-application-on-shared-hosting-1a8d0aee923e

Hmmm....., I got similar issue.

It works fine on localhost, but when upload on production, it doesn't. In app I am using two templates, both templates have <meta name="csrf-token" content="{{ csrf_token() }}"> in the <head>

Mostley I am using ajax on both. blade files that use one template works OK, no problem.

But the other template don't work, Ajax does work on getting the info, but when I am trying to post, I get CSRF token mismatch. What is also interesting, that if I comment out the <meta name="csrf-token" content="{{ csrf_token() }}"> in the <head> it works. I do get the red in console saying bootstrap.js?id=47e39c241cf5a624ce36:32450 CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token, but I can get and post via ajax.

Any thoughts on what could be wrong? It seems that in the template/page where I commented out the {{ csrf_token() }}, axios is till able to get the csrf from somewhere. Very strange. And as I mentioned, the other ajax stuff, in other parts of app does work.

@guntarsv I just ran into the exact same issue using Laravel 6.9. Did you find a proper fix or a reason as to why it happens?