Update: GET requests work fine. Something is wrong with the POST request.
If for some reason you wanted csrf in api, you need to add it to that group in kernel. I guess it depends on what you are doing.
But I'd suggest taking a tutorial on APIs prior to proceeding.
@pn Show your routes and app/Http/Kernel.php
I have other routes commented out and am using the following test routes:
Route::get('first', function () {
    return "hi";
});
Route::post('register', function (Request $request) {
    return $request->all();
});
app/Http/kernel.php
<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        // \App\Http\Middleware\TrustHosts::class,
        \App\Http\Middleware\TrustProxies::class,
        \Fruitcake\Cors\HandleCors::class,
        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        'api' => [
            EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    ];
}
Got the issue. Something is wrong with the Sanctum package; with the Sanctum routes and its line in app/Http/Kernel.php commented out, it works fine.
Try to comment EnsureFrontendRequestsAreStateful in Kernel.php
Yes, I did, and it works fine. So there is something wrong when working with the Sanctum package. Thanks @michaloravec for your idea of showing app/Http/Kernel.php
Still, for what you are doing, do you need the CSRF or not?
I believe you need to add
enctype="multipart/form-data"
in the form method.
<form method="POST" enctype="multipart/form-data" ......
When you make a POST request, you have to encode the data that forms the body of the request in some way.
@jlrdw I need csrf only because it was giving me 419, so I guess if the issue is with the package, I do not need csrf.
@phread the form is not submitted, it is an AJAX call, so will enctype make any difference?
Are you sure this is an API? Or is it a regular web app and you are using jquery / ajax instead of regular form submitting. And you do need multipart/form-data if uploading files.
You will probably need FormData in jquery / ajax as well.
https://developer.mozilla.org/en-US/docs/Web/API/FormData/Using_FormData_Objects
And did you remember to preventDefault?
@jlrdw I am calling an API and I am not uploading files, it is just registering users. So I think we do not need enctype here.
/beyondallrecognition
How is it possible for 419 to appear under api.php when following Laravel's standard setup?
Usually I pass the token in the data using blade, something like this.
$.ajax({
    method: 'POST',
    url: 'whatever/whatever',
    data: {
        "_token" : "{{csrf_token()}}"
    }
});
@webso thanks for replying, but I do not use Laravel for the frontend. I use PHP files and jQuery for the frontend and Laravel only for the API.
Is anyone able to reproduce this issue?
@pn until your folder structure is fixed, I doubt it.
@laracoft please explain folder structure, and what should I look for?
@pn https://laracasts.com/discuss/channels/laravel/laravel-8x-419-csrf-token-mismatch?page=1#reply=648951
I also don't know what else you did to get your Laravel working currently, but you have to reverse all the changes.
I ended up solving this by creating a new Laravel application and moving all the logic there. Thanks @all for your efforts
You can try this in your jquery
$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});
Check the documentation. https://laravel.com/docs/8.x/csrf#csrf-x-csrf-token
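Added example, not code from any poster in this thread: Sanctum's EnsureFrontendRequestsAreStateful (in the 'api' group of the Kernel.php shown earlier) applies session and CSRF verification to requests coming from a configured stateful domain, so a frontend without a Blade-rendered meta tag can send the token from the XSRF-TOKEN cookie in an X-XSRF-TOKEN header instead. The helper names and the sample cookie string are assumptions made for illustration.

```javascript
// Added example: build the CSRF header for a jQuery/fetch call from the
// XSRF-TOKEN cookie, for a frontend with no Blade-rendered <meta> tag.
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Return the decoded value of one cookie from a document.cookie-style string,
// or null when the cookie is absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      // Laravel URL-encodes the cookie value ("=" padding arrives as %3D).
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Headers to merge into a request. Safe methods get no token; a state-changing
// request without the cookie fails here instead of as a 419 from the server.
function csrfHeaders(cookieString, method) {
  if (!STATE_CHANGING.has(method.toUpperCase())) return {};
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  if (token === null) {
    throw new Error('XSRF-TOKEN cookie missing: request /sanctum/csrf-cookie first');
  }
  return { 'X-XSRF-TOKEN': token };
}

// Constructed sample cookie string (not a real token).
const SAMPLE_COOKIES =
  'theme=dark; XSRF-TOKEN=ZXhhbXBsZS10b2tlbg%3D%3D; laravel_session=abc';

// In the browser (jQuery), assuming the cookie was first obtained with
// $.get('/sanctum/csrf-cookie') and requests are sent with cookies:
//   $.ajax({ method: 'POST', url: 'register', data: { /* form fields */ },
//            headers: csrfHeaders(document.cookie, 'POST') });
```
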
I apologize for not replying sooner, I didn't see your question to me.
I believe that it is still required. However, given that it has been 2 weeks, it would be greatly appreciated if you could share what you ended up having to do.
Something weird happened today. I was getting a "419 Page Expired" error. I spent hours trying to figure out what was wrong.
There can be a couple of standard reasons like @csrf, config, storage, etc. But in my case it was totally unexpected.
Finally, I found the reason: I had accidentally put a tab space before <?php at the beginning of routes/pages.php. Removing this tab helped.
Hopefully you won't make this accidental tab mistake, but just in case I'm sharing my debugging experience. Maybe it will help someone.