Level 102
Is that CSRF token hardcoded or did you copy it from the rendered html?
Sep 3, 2021
13
Level 1
CSRF problem
Hi! I have a strange problem with 419 expired error on Laravel 8 while storing the item. By the way, updating the item works well, I have
<input name="_token" type="hidden" value="8vuZXCzutLdsyj9EYF6fPWmCcblyZqTso5BL5GLx">
in both forms similar. Commenting VerifyCsrfToken.php middleware solves the problem, so it's CSRF problem. Any ideas?
Level 1
I'm using Collective, so it's generated.
Level 102
Can you show the code?
Level 1
{{ Form::open(['url' => route('customers.store', ['locale' => $locale]), 'method' => 'post', 'class' => 'row g-3 mb-4', 'id' => 'store_customer']) }}
So, Collective generated what I noted above.
Level 75
Why do you use Laravel Collective in 2021? Explain me that.
Level 1
It's my first project, what to use in 2021?
Level 75
Pure html.
Level 1
Thank you, I'll follow your advice. Why Collective is out of trends?
Level 1
I changed code to:
<form action="{{ route('customers.store', ['locale' => $locale]) }}" method="post" class="row g-3 mb-4" id="store_customer">
@csrf
The same result.
Level 102
Can you show the route for customers.store as well as the controller?
Level 1
Route:
Route::group(['middleware' => 'auth'], function() {
Route::prefix('{locale}')->group(function() {
Route::resource('customers', CustomerController::class);
});
});
Store:
public function store(StoreCustomerRequest $request): RedirectResponse
{ dd($request->all());
$this->authorize(Abilities::CREATE, Customer::class);
$data = $request->getFormData();
$customer = $this->customerService->storeCustomer($data);
return redirect(route('customers.show',['customer' => $customer, 'locale' => App::getLocale()]))
->with('status', __('app.customer.messages.status.store'));
}
Update (works):
public function update(UpdateCustomerRequest $request, Customer $customer): RedirectResponse
{
$this->authorize(Abilities::UPDATE, $customer);
$data = $request->getFormData();
$this->customerService->updateCustomer($customer, $data);
return redirect(route('customers.show',['customer' => $customer, 'locale' => App::getLocale()]))
->with('status', __('app.customer.messages.status.update'));
}
Level 1
I figured out, that
$request->input('_token')
is empty while in method tokensMatch of VerifyCsrfToken.php, but I don't know why, because it exists in my form. What do I check in this case?
Level 1
Solved, it was JS removing _token field.
Please or to participate in this conversation.