Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

davy_yg's avatar
davy_yg
OP
5 years ago
Level 27

(1/1) TokenMismatchException in VerifyCsrfToken.php (line 68)

Hello,

I got this error:

(1/1) TokenMismatchException

in VerifyCsrfToken.php (line 68)

ref: https://laracasts.com/discuss/channels/laravel/tokenmismatchexception-in-verifycsrftokenphp-line-68-in-laravel-54

checkout.blade.php

<form action="{{ url('/checkout') }}" method="POST" id="myForm">
    	        {{ csrf_field() }}

        		<div class="checkout-page">
            		<div class="row">
                		<div class="col-sm-12 col-md-6">
                    		<div class="form">
	                            <h3 class="form-title">DELIVERY DETAILS</h3>

....


<div class="paymment-method">
                        <h3 class="form-title">PAYMENT METHOD</h3>
                        
                        <div class="checkbox">
                            <label>
                            <input type="checkbox" value="">
                            I’VE READ AND ACCEPT THE TERM & CONDITIONS
                            </label>
                        </div>
                    </div>
                    <button type="submit" class="button pull-right">Checkout</button>
                </div>
            </div>
        </div>
    </form>

Any clue why?

0 likes
9 replies
skoobi's avatar

Not sure if this helps but do you have this in the template header.

<meta name="csrf-token" content="{{ csrf_token() }}">

and try

@csrf

// instead of
{{ csrf_field() }}
davy_yg's avatar
davy_yg
OP
5 years ago
Level 27

For some reason this does not work out:

<form action="{{ url('/checkout') }}" method="POST" id="myForm">
            <meta name="csrf-token" content="{{ csrf_token() }}">
            @csrf
skoobi's avatar

You'll need to place the <meta name="csrf-token" content="{{ csrf_token() }}"> up in the header of your main blade template.

Like so

<!doctype html>
<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">

	<!-- CSRF Token -->
	<meta name="csrf-token" content="{{ csrf_token() }}">

	<title>{{ config('app.name', 'MY APP') }}</title>

	<!-- Scripts -->
	<script src="{{ asset('js/app.js') }}" defer></script>
	<!-- Styles -->
	<link href="{{ asset('css/app.css') }}" rel="stylesheet">
</head>
<body>
davy_yg's avatar
davy_yg
OP
5 years ago
Level 27

I still get the same error message:

(1/1) TokenMismatchException

in VerifyCsrfToken.php (line 68)

Snapey's avatar

meta tag is for ajax requests and belongs in the header.

@csrf belongs within the form but is only available from version 5.6 onwards

5.5 and earlier must use {{ csrf_field() }}

You also have to have working sessions. It would help to know if forms work on other pages.

1 like

Please or to participate in this conversation.