Need to double/triple click Requests

I am gonna bump this question because it's driving me insane. I changed around some middleware because i am working with webhooks from a payment solution . Maybe it is an csrf issue? You can test the problem here: http://noblesse-baby.be/producten/my-7-kussen . try to add a item to the shopping cart and try to delete it from the top right corner. Sometimes it will work perfectly and sometimes you have to click multiple times. Here are some snippets of code that might be usefull :

Kernel.php where i switched the csrf from global middleware to this:

protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'role' => \Zizaco\Entrust\Middleware\EntrustRole::class,
        'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
        'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
        'checkForRole' => \App\Http\Middleware\checkForRole::class,
        'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
    ];

I surrounded the routes with following middleware:

     Route::group(['middleware' => ['web', 'csrf']], function () {
      }

On some of my controllers inside these middleware groups i changed the constructor to exclude some middleware

     public function __construct()
       {
        $this->middleware('auth', ['except' => [
            'store','destroy'
        ]]);
     }

on some of my controller methods that are affected i have used: Return back() , maybe that causes an issue?

Works ok for me. I added one item, deleted it, added 2 more, deleted them all worked with one click.

Have you tried clicking the links with your network tools open in your browser?

Same here, tried it and it works fine... maybe you got some browser plugin causing problems... have you tried different browsers or maybe even go incognito mode without plugins?

@Snapey @Prez . I have tried it in multiple browsers on Windows & in multiple browers on Mac. Also in the incognito modus of those browsers.

But just before you guys tried it i duplicated the middleware i specified in the routes to the constructors where i excluded some middleware. And now the problem seems to be solved. Not really sure why this is happening?

Routes:

Route::group(['middleware' => ['web', 'csrf']], function () {
    Route::get('winkelmand', 'CartController@index');
    Route::post('winkelmand/{productSlug}/toevoegen' , 'CartController@store');
    Route::delete('winkelmand/{cartItem}/verwijderen', 'CartController@destroy');
}

Updated controller with duplicate middleware:

public function __construct()
    {
        $this->middleware('web');
        $this->middleware('csrf');
        $this->middleware('auth', ['except' => [
            'store','destroy'
        ]]);
    }

Now that i duplicated the middleware it seems to be working.. Not sure what causes this?

@Chrizzmeister I noticed you apply web and csrf separately, have you modified the web middleware group in your kernel.php file? What does your php artisan route:list look like?

@Prez I did not modify my web middleware group in my kernal. I did modify my csrf like you see in my second post. Do i need to modify my web middleware?

@Chrizzmeister the VerifyCsrfToken middleware is in the web middleware group, so you might be applying it twice.