Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Laravel + Vue.js (axios) - CSRF token mismatch

Tags:

csrf

laravel

vue.js

csrf-token

I have problem with csrf token in Laravel. Sometimes request POST (via axios) returns 419 code "CSRF token mismatch" but request header contain CSRF and XSRF tokens. Interestingly, it's not happend in incognito mode.

enter image description here

App.blade:

<meta name="csrf-token" content="{{ csrf_token() }}">

bootstrap.js:

window.axios = require('axios');
window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';


let token = document.head.querySelector('meta[name="csrf-token"]');

if (token) {
    window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
} else {
    console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
}

Kernel.php:

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\Localization::class,
        ],

I tried to clear cache and config with no results. Any ideas how to fix it?

like image 506
serpentow Avatar asked Dec 22 '19 22:12

serpentow

2 Answers

I encountered this issue. The cause was axios headers not being set. Setting them on the axis object within the component also did not resolve the issue. Setting the headers after the object is defined resolved the issue for me.

In your blade view add the following:

<script>window.Laravel = {csrfToken: '{{ csrf_token() }}'}</script>

In your bootstrap.js file, after declaring window.axios = require('axios'); add the following:

window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
window.axios.defaults.headers.common['X-CSRF-TOKEN'] = window.Laravel.csrfToken;
like image 176
Kevin Lynch Avatar answered Oct 17 '22 02:10

Kevin Lynch

Sometimes?! It sounds like a expired token.

When you're working in incognito tabs, you have a fresh token.

Try location.reload() when you're getting 419 error code and everything goes well.

like image 1
Khalil Laleh Avatar answered Oct 17 '22 00:10

Khalil Laleh
Sign in to Comment

Related questions

Laravel validation rule for email
Composer View is not loading variable into view
how to implement multiauth in laravel passport
Laravel, sudenly changed the session to other users?
Laravel fetch only pivot columns in many to many relationship
Laravel Cashier - where does $stripeToken come from?
Laravel Extend Vendor Class
laravel migration Specified key was too long; max key length is 767 bytes [duplicate]
Hosting Unity WebGL Game using Laravel Framework
Laravel - What's the difference between timestamp() and timestampTz()?
How to add pagination on vue-tables-2 using Laravel rest api?
Laravel Nova - Load dropdown field based on relationship with of another dropdown
How can I dynamically change the keys that Crypt uses in Laravel?
Laravel fails to find route except when the route is named
How to link more than one foreign key in laravel
how to fix "Method Illuminate\Database\Schema\Blueprint::class does not exist."
How to define policy for a list or array in laravel?
Need help using all() and find() in the same function for Laravel
Query Laravel Eloquent many to many where all id's are equal
Laravel Mix build process scalable up to lots of (50+) themes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!