Level 27
How exactly are you calling this endpoint? Do you have @csrf in your <form> or X-CSRF-TOKEN in your request header?
Jan 22, 2021
6
Level 3
getting a 403 error when trying to store data
I'm making a blog, and I have a textarea field with summernote JS, and it has an option to upload images.
as far as I can see, when you press the view code option of the summernotjs editor, you can see it's all HTML and when I submit, the request doesn't even reach the controller and gives a 403 error..
this is the code of the controller where it's suppose to reach:
public function store(Request $request, Slug $slug) {
dd('asd'); // doesn't show this.
$this->authorize('add-posts'); //authorize create new post
....///more code
}
routes:
Route::resource('posts', 'PostController');
where am I getting stopped out?
Level 104
Where is the request actually going - check your Network tab in the browser's dev tools?
Also, by convention, there is no argument to a store action (except the injected Request class); what is, or where does, $slug come from?
Level 3
@nimrod forgot to add, if I don't add images, it stores the information.
the code in the text area is this:
<p>asdasdasdasdasdsad</p>
<blockquote class="blockquote">
<p>asdasdasdsadasd</p>
</blockquote>
<p><br></p>
<p><img src="https://admin-blog-desarrollo.bdtfalabella.com/image/blog-02-9lZ2LM7CjY.jpg"><br></p>
this is the form @csrf ....//more code
@tykus in this image https://prnt.sc/xg0jfn, you can see it's loading a new page with the 403 error., also, change the controller to this:
public function store(Request $request)
and it still gives 403
Level 3
the form code:
<form id="form" action="{{route('posts.store')}}" method="POST" role="form" enctype="multipart/form-data">
@csrf
also, could it be the html purifier that is messing up the request? https://github.com/mewebstudio/Purifier
Level 1
I am too having this issue. Have you found any solution yet?
Level 1
@shivajigree This is an answer for somebody who will have the same issue.
Check if you are using a custom Form Request class with authorize() method. This method return false by default after creation by artisan.
https://koenwoortman.com/laravel-fix-403-action-unauthorized/
Please or to participate in this conversation.