Laravel Dingo API and Middleware\VerifyCsrfToken.php Problems

I am using Dingo with Laravel 5.1 to create a simple API.

So on route.php I have:

    $api = app('Dingo\Api\Routing\Router');

    $api->version('v1', function ($api) {
        $api->get('getvoucher', 'App\Http\Controllers\BitemsController@index');
        $api->get('update/{key}', 'App\Http\Controllers\BitemsController@update');
        $api->post('store', 'App\Http\Controllers\BitemsController@store');
        $api->post('authenticate', 'App\Http\Controllers\AuthenticateController@authenticate');
        $api->post('logout', 'App\Http\Controllers\AuthenticateController@logout');
        $api->get('token', 'App\Http\Controllers\AuthenticateController@getToken');
    });

and my BitemsController:

    // GET getvoucher: look up one record by key and pin
    public function index(Request $request)
    {
        $bitem = Bitem::where('key', $request->key)->where('id', $request->pin)->first();
        return $bitem;
    }

    // POST store: create a record from the request body
    public function store(Request $request)
    {
        $bitem = new Bitem($request->all());
        $bitem->save();
        return $bitem;
    }

Now I use the POSTMAN application to test the API. When I send a GET to localhost:8888/api/getvoucher, everything is fine, but when I make a POST request to store some data, I get an error:

    "message": "500 Internal Server Error",
    "status_code": 500,
    "debug": {
        "line": 53,
        "file": "C:\\wamp\\www\\dine\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken.php",
        "class": "Illuminate\\Session\\TokenMismatchException",
        "trace": [


To fix the problem, I am trying to add:

    protected $except = [
        'api/*',
    ];

inside the middleware VerifyCsrfToken.php, but it won't work.

Please tell me how to solve my problem ...

+7
php middleware csrf laravel dingo-api
2 answers

For Postman to work, you need to either send the correct CSRF header or remove it on your routes.

I assume, based on your screenshot, that your Dingo API routes use API_PREFIX=api in your .env file.

Refer to the Laravel documentation on CSRF tokens for more information about them. The gist @BM2ilabs suggested provides some basics on how to find out which CSRF token you are using in your session for local testing, to insert into Postman.

If you do not want to use CSRF protection, you are right to use the $except property on the VerifyCsrfToken according to the Laravel documentation; this has also come up on Stack Overflow before. It is difficult to fix this problem without seeing your Kernel and the full middleware file that you are using. If the $except property really doesn't work for you, you can always override the VerifyCsrfToken::handle() method, according to this post, and add anything that checks the route:

    public function handle($request, Closure $next)
    {
        if ( ! $request->is('api/*')) {
            return parent::handle($request, $next);
        }

        return $next($request);
    }

If you are only creating an API that will be inactive and does not need CSRF protection, you can simply comment out the use of VerifyCsrfToken in your Kernel completely (and maybe some other session middleware), although I would recommend using some authentication/verification that your visitor is allowed to access the API endpoint.

+4

You just need to add csrf_token to the message, but it can be difficult with Postman.

In Laravel, add a header with whatever you are using. For example, Axios: it already has that integrated.

jQuery Ajax

    $.ajaxSetup({
        headers: {
            'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        }
    });

for more info

Update

After some searching, I found this article, which shows how to make CSRF work with POSTMAN as well.

Gists @ethanstenis

+1
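
Added example (not code from the question, either answer, or Laravel itself): a stand-alone PHP model of the decision both answers describe, run over the question's routes. Read-only verbs pass, paths matching an `$except` pattern are skipped, and everything else needs a matching `X-CSRF-TOKEN`. The function names, the sample token and the `/apiary/store` and `/profile` paths are assumptions made up for the demonstration.

```php
<?php
// Added example: stand-alone model of a CSRF gate, not Laravel's source.

// Wildcard match in the style of $request->is(): '*' matches any run of
// characters (including '/'); everything else is literal.
function pathMatches(string $pattern, string $path): bool
{
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#', $path) === 1;
}

// Returns 'pass-read', 'pass-exempt', 'pass-token' or 'reject-mismatch'.
function csrfDecision(array $req, string $sessionToken, array $except): string
{
    if (in_array($req['method'], ['GET', 'HEAD', 'OPTIONS'], true)) {
        return 'pass-read';               // read-only verbs are not checked
    }
    $path = trim($req['path'], '/');      // compare without outer slashes
    foreach ($except as $pattern) {
        if (pathMatches(trim($pattern, '/'), $path)) {
            return 'pass-exempt';         // no CSRF check at all on this route
        }
    }
    $sent = $req['headers']['X-CSRF-TOKEN'] ?? '';
    // hash_equals() compares in constant time
    return ($sent !== '' && hash_equals($sessionToken, $sent))
        ? 'pass-token' : 'reject-mismatch';
}

// Constructed sample data: the token and requests are made up for this demo.
$session = 'constructed-session-token';
$requests = [
    ['method' => 'GET',  'path' => '/api/getvoucher', 'headers' => []],
    ['method' => 'POST', 'path' => '/api/store',      'headers' => []],
    ['method' => 'POST', 'path' => '/api/store',      'headers' => ['X-CSRF-TOKEN' => $session]],
    ['method' => 'POST', 'path' => '/apiary/store',   'headers' => []],
    ['method' => 'POST', 'path' => '/profile',        'headers' => []],
];

foreach ([[], ['api/*']] as $except) {
    echo 'except = [' . implode(', ', $except) . "]\n";
    foreach ($requests as $r) {
        $hasToken = isset($r['headers']['X-CSRF-TOKEN']) ? ' +token' : '';
        printf("  %-4s %-16s%-7s => %s\n", $r['method'], $r['path'],
               $hasToken, csrfDecision($r, $session, $except));
    }
}
```

With `api/*` exempted, the tokenless POST to `/api/store` passes while `/apiary/store` and `/profile` are still rejected, so the exemption covers only the API prefix. Every exempted route is left with no CSRF check, so it has to rely on its own authentication.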