ArchStanton's avatar

Postman Token Mismatch - Laravel 5.3

Hi,

I am using dropzone to upload a file and then send the filename to the server. The code works fine but in postman I get a token mismatch.

How can I get it to work? Or can I temporarily turn CSRF off?


<script type="text/javascript">
        var baseUrl = "{{ url('/') }}";
        var token = "{{ Session::getToken() }}";
        console.log(token);
        Dropzone.autoDiscover = false;
        var myDropzone = new Dropzone("div#dropzoneFileUpload", {
            url: baseUrl + "/home/uploadFiles",
            params: {
                _token: token
            }
        });
        Dropzone.options.myAwesomeDropzone = {
            paramName: "file", // The name that will be used to transfer the file
            maxFilesize: 2, // MB
            addRemoveLinks: true,
            accept: function(file, done) {
                 
            },
        };
    myDropzone.on("addedfile", function(file) {
     

    /* Maybe display some more file information on your page */
  });

     myDropzone.on("complete", function(file) {
        console.log(file.name);
    $.ajax({
  type: "POST",
  url: '/data/insert',
  data: 
    {filename: file.name, '_token': token }

})

    .done(function( data ) {
    alert( "Data Loaded: " + data );
  });
  });

    </script>

0 likes
3 replies
squibby's avatar
squibby
Best Answer
Level 8

in VerifiyCsrfToken.php you can specify routes that you want to exclude from csrf.


class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '/data/insert',
    ];
}

2 likes
erezt's avatar

That workaround isn't healthy, your supposed to simulate the API in a post request, not cut its CSRF security off, that's not a productive way around this issue. I believe the right way to do it is with postman interceptor (since the token refreshes on each call).

1 like

Please or to participate in this conversation.