Geek Answers Handbook

Laravel 5.2: csrf token does not work

Hey. Why is the csrf token value null? And when I do not use a token, I do not know TokenMismatchException !!!! how can i fix this?

Look at the image Please

I went deeper and found that the session is not registering with SessionServiceProvider. Is there something that needs to be enabled for this to work by default? Since I'm a Laravel beginner, I'm not sure how to follow the advice above. How can I make sure my routes are added to the "web group"?

<form method="post" action="<?php echo url('/form'); ?>"> <input type="hidden" name="_Token" value="{{ csrf_token() }}"> <input type="text" name="Title" placeholder="Title"><br> <textarea rows="10" name="Content" placeholder="Content"></textarea><br> <input type="submit" value="Send"> </form>
+8
php laravel laravel-5
source share
15 answers

Make sure your web milddleware application is applied to your route.

Pretty much any route where you need sessions, csrf protection, encrypted cookies, session errors, etc., you will need the web middleware group.

Check the route.php file for the route group as follows:

 Route::group(['middleware' => 'web'], function () { // });

Update: Starting 5.2.27, RouteServiceProvider now puts all your routes in routes.php into a route group that has web middleware.

+24
source share

In version 5.2: you move Route to:

 Route::group(['middleware' => ['web']], function () { //Your route here });

There are two ways to use the token in the form ( https://laravel.com/docs/master/routing#csrf-protection ):

 // Vanilla PHP <?php echo csrf_field(); ?> // Blade Template Syntax {{ csrf_field() }}

Or

 <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
+5
source share

use

 {!! csrf_token() !!}

instead

 {{ csrf_token() }}
+3
source share

Make sure the session path is writable . If not, laravel compares zero (without a session token) with the value of $_POST['_token'] and throws a mismatch error, despite the real reason.

+3
source share

It's just that everyone, someone is still facing this problem,

inside config / session.php my sessions essentially didn't work (although they looked somehow for a while)

Make sure the domain variable is set to null !

Everything is fixed for me, like nothing else, actually my problem.

Hope this helps someone.

+3
source share

Edit VerifyCsrfToken.php from the Middleware folder for this

 <?php namespace App\Http\Middleware; use Closure; use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier; class VerifyCsrfToken extends BaseVerifier { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $response = $next($request); $response->headers->set('Access-Control-Allow-Origin' , '*'); $response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE'); $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With, Application'); return $response; } }

I have the same problem as you, I'm on Laravel 5.2, I also have a token in my form, but still throw me the "TokenMismatch" error is very annoying?

+2
source share

I think this is a pretty deep problem, as there can be many reasons for this. For me, I upgraded from Laravel 5.1 to 5.2. I also use a database to store my sessions. This gave me this error, but when I checked the laravel error logs (/ storage / logs), I found that Laravel 5.2 expects the session table to have the fields user_id, ip_address and user_agent. Mine did not. When I added these fields, they all worked the same way as before the update. So my advice is to check the error log!

+1
source share

This answer is for all people who have already used {{ csrf_field() }} after the <form> in their view.blade.php file and also run the php artisan key:generate command, but still get a Token mismatch error. These are the steps I took to fix the TokenMismatchException error for one of my projects that are still under development.

Delete cache files from the following two folders in your laravel project:

  • Storage / framework / session /
  • storage / framework / view /

After deleting the cache files, clear the browser cache.

+1
source share

Perhaps you can use this: (src = https://laravel.com/docs/5.2/routing )

 <form action="/foo/bar" method="POST"> <input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_token" value="{{ csrf_token() }}"> </form>
0
source share

I can confirm this problem, and csrf_token () and csrf_field () create empty token fields in Laravel 5.2. According to the docs, both methods should work, but they don't seem to do this. My installation is completely fresh, so the documents are incorrect or an error is present.

0
source share

I have the same problem. I did not find how to fix the main problem, but I think this is a decent solution: Laravel 5.x: Redirect CSRF errors to the previous page
Therefore, instead, you need to add the TokenMismatchException redirect user to the previous page with the error message.
To do this, use the override method VerifyCsrfToken.($request, Closure $next) .
Open App\Http\Middleware\VerifyCsrfToken.php and hit the base class ( Illuminate\Foundation\Http\Middleware\VerifyCsrfToken ) and the copy descriptor method inside App\Http\Middleware\VerifyCsrfToken.php and change the line that throws TokenMismatchException to redirect previous page. also add import use Closure; . So, after all the changes, App\Http\Middleware\VerifyCsrfToken.php will look like this:

 <?php namespace App\Http\Middleware; use Closure; use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier; /** * Class VerifyCsrfToken * @package App\Http\Middleware */ class VerifyCsrfToken extends BaseVerifier { /** * The URIs that should be excluded from CSRF verification. * * @var array */ protected $except = [ // ]; public function handle($request, Closure $next) { if ( $this->isReading($request) || $this->runningUnitTests() || $this->shouldPassThrough($request) || $this->tokensMatch($request) ) { return $this->addCookieToResponse($request, $next($request)); } //throw new TokenMismatchException; return Redirect::back()->withError('Sorry, we could not verify your request. Please try again.'); } }

Solution 2 - Use Caffeine for Laravel .
Caffeine For Laravel is a package designed to prevent the use of the CSRF token from time to time on your site when filling out the form.
Mike, the creator of the package, wanted a safe way to make life easier for users who take their time filling out forms while maintaining a token waking up behind the scenes of an ajax call.

0
source share

You can simply use this:

 <form method="POST" action="/addUser" > {!! csrf_field() !!} ... </form>
0
source share

In order not to check the security of this form, you need to go to the file path: config / auth.php on Laravel. In this file you should find (or create) the line 'no_csrf' => array(), This line should add routes that cannot be verified. In this layout you should add a path to your form, for example:

 'No_csrf' => array('/form'),
0
source share

I had the same problem. Solved it by deleting all the files in the sessions folder. Sessions folder path: yourApplication / storage / framework / sessions /

0
source share

My suggestion is to use FormHelper and Form::open() in your view. The Fomr and HTML helpers were removed from the laravels kernel in version 5.0, but you can install them again after these instructions.

In any case, in your opinion there is a typo. The _token field name is _token , not _token . Maybe a problem

-one
source share

More articles:


All Articles