Laravel X-CSRF-Token error with POSTMAN

I am trying to talk with my REST API created using Laravel. But the call with POSTMAN is rejected due to token mismatch. I think I need to include the CSRF token in the header. But does it need to be encrypted? When I insert this token, I still get the error that there is a token mismatch.

I am extracting my token using:

$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
return $encrypted_token;

but should this change with every update?

+8
api csrf laravel postman
2 answers

If you do not use forms - for example, for the API - you can follow these steps here https://gist.github.com/ethanstenis/3cc78c1d097680ac7ef0 :

Essentially add the following to your blade or branch header.

 <meta name="csrf-token" content="{{ csrf_token() }}"> 

Install Postman Interceptor, if not already installed, and enable it

Then in your browser go to the site (you need to log in) and check the item or view source to get a token

In Postman, set GET / POST, etc. as necessary, and in your heading create a new pair

 X-CSRF-TOKEN tokenvaluetobeinserted235kwgeiOIulgsk 

Some people recommend disabling the CSRF token when testing the API, but then you are not really testing it.

If you find that you still have errors, check the answer with preview, since Laravel tends to be fairly explicit with error messages. If nothing returns, check your php_error.log (whatever it is called).

+8

Yes, it changes with every update. You must put it in the view, and when you submit it, it needs to be sent as the value of the "_token" POST var.

If you just use the standard POST, just add it to the form:

 <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>"> 

If you use AJAX, make sure you capture the _token value and pass it with the request.

REF: http://laravel.com/docs/5.1/routing#csrf-protection

+3
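
Added example, not part of either answer and not Laravel's own code: a simplified model of a session-bound CSRF check, showing why a token pasted into the `X-CSRF-TOKEN` header or the `_token` field is still rejected when the request does not carry the cookie of the session the token was read from. The cookie name `session_id`, the session ids, the token values and all function names are constructed for illustration.

```javascript
// Simplified model of a session-bound CSRF check (illustration, not Laravel source).
// Session ids and token values below are constructed sample data.
const sessions = new Map([
  ['sess-browser', 'tokenvalueA111'], // session opened by logging in via the browser
  ['sess-other', 'tokenvalueB222'],   // some unrelated session
]);

// Constant-time string comparison: timing does not reveal how many characters matched.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Client side: read the token from the <meta name="csrf-token"> tag in the page source.
function extractCsrfToken(html) {
  const m = /<meta\s+name="csrf-token"\s+content="([^"]+)"/i.exec(html);
  return m ? m[1] : null;
}

// Server side: the supplied token (X-CSRF-TOKEN header or _token field) must equal
// the token stored for the session that the request's cookie identifies.
function verify(req) {
  const expected = sessions.get((req.cookies || {}).session_id);
  const supplied = (req.headers || {})['x-csrf-token'] ?? (req.body || {})._token;
  return expected !== undefined && safeEqual(expected, supplied);
}

// Constructed page as served to the logged-in browser session.
const page = '<head><meta name="csrf-token" content="tokenvalueA111"></head>';
const token = extractCsrfToken(page);

function demo() {
  return {
    headerWithCookie: verify({ cookies: { session_id: 'sess-browser' }, headers: { 'x-csrf-token': token } }),
    headerNoCookie: verify({ headers: { 'x-csrf-token': token } }),
    headerWrongSession: verify({ cookies: { session_id: 'sess-other' }, headers: { 'x-csrf-token': token } }),
    fieldWithCookie: verify({ cookies: { session_id: 'sess-browser' }, body: { _token: token } }),
    noToken: verify({ cookies: { session_id: 'sess-browser' } }),
  };
}

console.log(demo());
```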