Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

theUnforgiven's avatar

X-editable - CSRF Token Mismatch

Hi all,

I'm using the x-editable script to edit form fields inline, but after trying to save to the database with the method:

 public function index()
 {
        $inputs = Input::all();
        $custom = Custom::findOrNew($inputs['pk']);
        $custom->$inputs['name'] = $inputs['value'];
        return $custom->save();
 }

I get the following error TokenMismatchException in VerifyCsrfToken.php line 46:

Also form looks like this:

{!! Form::open(['url' => 'employees/update/' .$emp->id, 'class' => 'form-horizontal']) !!}
                    <input type="hidden" name="_token" value="{{ csrf_token() }}">
                    <input type="hidden" id="_token" class="hidden" data-token="">
                    <div class="form-group {!! $errors->has('first_name') ? 'has-error' : '' !!}">
                        <div class="col-sm-2" id="editable" data-type="text" data-placement="top" data-type='text' data-url='{{ URL::route('customFields') }}' data-pk="{{ $emp->id }}">Name</div>
                        <div class="col-lg-3">
                            <input type="text" name="first_name" class="form-control" value="{!! $emp->first_name !!}">
                        </div>
                        <div class="col-lg-3">
                            <input type="text" name="last_name" class="form-control" value="{!! $emp->last_name !!}">
                        </div>
                        <div class="col-md-4">
                            {!! $errors->first('first_name', '<span class="help-block">The name fields are required.</span>') !!}
                        </div>
                    </div>
{!! Form::close() !!}

And this is the JS for it:

$(document).ready(function() {
    //toggle `popup` / `inline` mode
    $.fn.editable.defaults.mode = 'inline';

    //make  editable
    $('#editable').editable();

});

Anyone know how to get around this?

0 likes
6 replies
theUnforgiven's avatar

Got around the CSRF issue by doing:

$.ajaxSetup({
    headers: {
        'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
    }
});

within my JS file, but now I get -

UnexpectedValueException in Response.php line 403:
The Response content must be a string or object implementing __toString(), "boolean" given.
RachidLaasri's avatar

Add this

    $.fn.editable.defaults.params = function (params) {
        params._token = $("meta[name=token]").attr("content");
        return params;
    };

under

$.fn.editable.defaults.mode = 'inline';
theUnforgiven's avatar

@RachidLaasri Got it all sorted now I think I just need to know how to edit a ID if already exists or if not create a new one.

theUnforgiven's avatar

Cos using User::find($id); doesn't show if nothing exists for that user but needs to allow them to edit it

theUnforgiven's avatar

Basically I want to be able to edit (using x-editable) the labels for this form.

So the user can click on each and give it a custom name but defaults to what's already there if they haven't changed the values.

But I'm struggling with this.

Please or to participate in this conversation.