Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello,
I don't know if it is a Laravel problem or a VueJS problem.
I'm now using pretty well vuejs (first time 2 months ago) but I'm not a specialist.
I'm working on an application with :
No API mode, VueJS is integrated in Laravel.
I have this problem : it seems that the CSRF token doesn't exist in my requests when I want to submit forms using axios.
What's strange is that the controller executes the create method even if there is no scrf token. This means I can create a new course without any CSRF token.
If you have any idea, thanks a lot because I search for the solution for a week at least.
Here are some parts of my code.
Routes
Route::middleware(['auth', 'verified', 'active'])->group(function() {
Route::middleware(['member'])->prefix('members')->name('members.')->group(function() {
Route::get('courses', [CourseController::class, 'list']);
Route::get('course/{id}', [CourseController::class, 'get']);
Route::post('course', [CourseController::class, 'create']);
Route::put('course/{id}', [CourseController::class, 'update']);
Route::delete('course/{id}', [CourseController::class, 'delete']);
}
}
Controller
public function create(Request $request)
{
$this->authorize('create', Course::class);
DB::transaction(function () use ($request) {
$course = new Course;
$course->fill($request->all());
$course->save();
$course->trainers()->sync($request->trainerIds);
});
}
Course component (VueJS)
methods: {
saveCourse() {
if (this.initCourseParams.courseId > 0) {
this.$store.dispatch('courses/updateCourse', this.course)
} else {
this.$store.dispatch('courses/createCourse', this.course)
}
this.close()
}
}
Actions in the VueJS store
actions: {
createCourse({commit, dispatch, state}, course) {
course.start_date = course.date+' '+course.start_time
course.end_date = course.date+' '+course.end_time
axios
.post('/members/course', course)
.then(response => {
dispatch('getCoursesByTraining', state.trainingId)
})
}
}
Thanks a lot for your help.
Hope you use the default laravel installation which comes with axios
https://github.com/laravel/laravel/blob/8.x/resources/js/bootstrap.js#L3
read this comment here
This library automatically handles sending the CSRF token as a header based on the value of the "XSRF" token cookie
Hello @sergiu17 I already have these lines in my bootstrap.js file.
So what you tell me is that the CSRF token is already sent, but in the headers and not in the request, isn't it ?
@vincent15000 yes, it is sent, axios does this, check you headers
Please or to participate in this conversation.