CSRF token mismatch for domain redirects
Hello
I am facing an issue where I have a concept of custom redirection in my project.
After redirection there is a form submit process where I am facing a CSRF token mismatch issue.
I tried using the cookie concept or replacing the request header token in a session attribute in the VerifyCSRFToken.php file.
Later on I tried adding the route to the except param in the same file.
But none of this worked.
I would appreciate it if I find the solution for this.
Thanks in advance
Did you clear your config after adding the route to the except array?
Can you share your code or routes?
VerifyCSRFToken.php :
protected $except = [
    '/auth/event',
    '/auth/catalog',
];
Route :
Route::group([
    'domain' => '{subdomain}.{domain}.{tld}',
    'middleware' => ['catalog.identify'],
], function () {
    Route::post('/auth/catalog', 'CatalogController')->name('catalog.auth');
    Route::post('/auth/event', 'EventController')->name('event.auth');
});
Do you get this issue when redirecting between different sub domains?
Which domain have you set in session config?
@gych my app domain.
(note : and the custom domains or redirected domains would be dynamic and different for each of the users)
@Binny Patel can you share your sub domain redirecting code?
Your session domain should start with a ., for example .yourdomain.com
@gych yes, it's defined in the same manner, with a .
@Binny Patel Do the domain and subdomain share the same code or other?
Which session driver are you using?
@gych SESSION_DRIVER = file
@amitsolanki24_ Same code
There is a middleware for it where, before fetching data, we check whether it's the app domain or a custom domain
// Requires: use Closure; use Illuminate\Support\Arr; use Illuminate\Support\Str;
public function handle($request, Closure $next)
{
    $params = $request->route()->parameters;
    $domain = $params['subdomain'] . '.' . $params['domain'] . '.' . $params['tld'];

    // Expose the parsed host parts to the rest of the request
    app()->singleton('domain', function () use ($params, $domain) {
        return [
            'fqdn' => $domain,
            'subdomain' => $params['subdomain'],
            'domain' => $params['domain'],
            'tld' => $params['tld'],
        ];
    });

    $photoCatalog = null;

    // Custom domains
    if (!Str::contains($domain, config('_app.app_domain'))) {
        $photoCatalog = /* Query to fetch data */ null;
    }

    // Subdomains
    if (empty($photoCatalog)) {
        if (!Arr::has($params, 'subdomain')) {
            return abort(404);
        }
        $subdomain = $params['subdomain'];
        if ($subdomain === 'domain') {
            return response()->redirectTo('https://app.' . config('_app.app_domain'));
        }
        $photoCatalog = /* Query to fetch data */ null;
    }

    app()->singleton('photoCatalog', function () use ($photoCatalog) {
        return $photoCatalog;
    });

    return $next($request);
}
Use another session driver like database or cookie
I remember someone having the same issue by using file as session driver in the past.
Can't directly find the related post right now.
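Added example, not posted by anyone in the thread: a check of which hosts a browser will accept and return the session cookie for, given the session domain discussed above. Laravel keeps the CSRF token in the session, so a host that never gets the session cookie starts a fresh session with a different token on every request. The function name is hypothetical and every hostname except .yourdomain.com is constructed.

```php
<?php
// Added example: RFC 6265 (section 5.1.3) domain matching applied to a
// session cookie. Not code from the thread.

/**
 * True when a cookie with Domain=$cookieDomain is accepted from, and sent
 * back to, a request whose host is $host.
 */
function cookieDomainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower(rtrim($host, '.'));
    // Browsers ignore the leading dot: ".yourdomain.com" == "yourdomain.com".
    $cookieDomain = strtolower(ltrim($cookieDomain, '.'));

    if ($cookieDomain === '') {
        return false;
    }
    if ($host === $cookieDomain) {
        return true;
    }
    // IP address hosts only match when identical, never by suffix.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    // The suffix must start on a label boundary, so "notyourdomain.com"
    // does not match "yourdomain.com".
    $suffix = '.' . $cookieDomain;
    return substr($host, -strlen($suffix)) === $suffix;
}

$sessionDomain = '.yourdomain.com'; // the example value given in the thread

// Constructed hosts: two subdomains, one custom domain, one look-alike.
$hosts = [
    'app.yourdomain.com',
    'shop.yourdomain.com',
    'photos.customer-site.example',
    'notyourdomain.com',
];

foreach ($hosts as $host) {
    $ok = cookieDomainMatches($host, $sessionDomain);
    printf("%-30s %s\n", $host, $ok
        ? 'session cookie kept: same session, same CSRF token'
        : 'session cookie rejected: new session and new CSRF token per request');
}
```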