Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

lemmon's avatar
lemmon
OP
1 year ago
Level 28

TokenMismatchException pest tests

Hello all, I have laravel 11 install using starter kit Jetstream inertia vue. when I try to runn the default tests I get 15 failed tests. it appears I have a token mismatch exception. I am using sail

0 likes
4 replies
LaryAI's avatar
LaryAI
AI
1 year ago
Level 58

It sounds like you're encountering a TokenMismatchException when running your Pest tests in a Laravel application using Jetstream with Inertia and Vue. This typically happens because the CSRF token is not being handled correctly in your tests.

Here are some steps to resolve this issue:

  1. Disable CSRF Middleware for Testing: One approach is to disable the CSRF middleware during testing. This can be done by modifying the App\Http\Middleware\VerifyCsrfToken middleware to exclude the routes during testing.

  2. Set CSRF Token in Tests: Another approach is to ensure that the CSRF token is correctly set in your tests.

Solution 1: Disable CSRF Middleware for Testing

You can modify the VerifyCsrfToken middleware to disable CSRF verification when running tests.

// app/Http/Middleware/VerifyCsrfToken.php

protected $except = [
    //
];

public function handle($request, Closure $next)
{
    if (app()->environment('testing')) {
        return $next($request);
    }

    return parent::handle($request, $next);
}

Solution 2: Set CSRF Token in Tests

Ensure that your tests are correctly setting the CSRF token. You can do this by including the CSRF token in your requests.

Here is an example of how you can set the CSRF token in your Pest tests:

use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Session;

uses(RefreshDatabase::class);

it('can perform a post request', function () {
    $response = $this->post('/your-endpoint', [
        '_token' => csrf_token(),
        // other request data
    ]);

    $response->assertStatus(200);
});

Example Test with CSRF Token

Here is a more complete example of a Pest test that includes the CSRF token:

use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Session;

uses(RefreshDatabase::class);

it('can perform a post request', function () {
    // Start a session to generate a CSRF token
    Session::start();

    $response = $this->post('/your-endpoint', [
        '_token' => csrf_token(),
        'key' => 'value',
    ]);

    $response->assertStatus(200);
});

Additional Tips

  • Ensure that your test environment is correctly set up and that you are using the correct environment configuration.
  • If you are using Laravel Sail, make sure your test database is correctly configured and accessible.

By following these steps, you should be able to resolve the TokenMismatchException and get your tests passing.

lemmon's avatar
lemmon
OP
1 year ago
Level 28

When I manually add the csrf token to the test I still get a token mismatch exception?

Abderrahim_20_'s avatar

@lemmon you should initiate the session with Session::start inside the test itself or in beforeEach()

Please or to participate in this conversation.