TokenMismatchException after using web middleware - php

I'm adding csrf_field to all my forms by default and it was working fine. I decided to store some data in the session, so I've grouped some routes and used the web middleware on them:
Route::group(['middleware' => ['category', 'web']], function () {
    Route::get('/', 'HomeController@index');
    Route::get('/dashboard', 'DashboardController@index')->name('dashboard');
});
Now when I submit a form I get this error:
TokenMismatchException in VerifyCsrfToken.php line 67:
But they work fine if I remove the web middleware!
I'm using the database driver for my sessions... I don't know if that's relevant.

Remove web middleware, that should fix the problem.
Since 5.2.27 web middleware applies automatically to all routes (in 5.3 to all routes in routes/web.php) and you shouldn't add it manually.

If the form does not have the token field _token:
<form method="POST" action="">
{{ csrf_field() }}
...
</form>

Related

Turn on CSRF protection for a group of GET routes in Laravel

I have the following group of GET routes on Laravel:
Route::get('/location/get', 'Ajax@getProducts');
Route::get('/products/get', 'Ajax@getProducts');
Route::get('/schedule/get', 'Ajax@getProducts');
I want to protect those routes with the automatically generated CSRF token from Laravel.
I have read some workarounds about overriding the method VerifyCsrfToken#isReading(...), but I'm not too convinced about that.
So I'm looking for a more elegant solution.
Thanks!
CSRF is not protecting your data. More info: https://security.stackexchange.com/a/115808
If you have no reason for using the GET method with CSRF, just use POST with the default csrf middleware group:
Route::group(['before' => 'csrf'], function() {
// your ::post routes
});
Anyway, you can try to create VerifyCsrfTokenAll middleware, and use csrf_get key from this answer: https://stackoverflow.com/a/41656322/2453148
and then wrap your routes in this group:
Route::group(['before' => 'csrf_get'], function() {
// your routes
});
The best thing I would adhere to is including the @csrf with your Blade form.
<form action="{{ your route name }}" method="GET"> @csrf </form>
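
Added example (not from any of the posts above, and not Laravel's own source): a simplified stand-alone model of the check a VerifyCsrfToken-style middleware performs, showing why reading methods such as GET pass without a token and why a POST is rejected when the session token differs from the one rendered into the form. The function names and sample tokens are hypothetical.

```php
<?php
// Added illustration: simplified model of a CSRF token check.
// Function names are hypothetical; this is not Laravel's source code.

// "Reading" methods are not checked, which is why GET routes pass
// whether or not a token is sent.
function isReadingMethod(string $method): bool
{
    return in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true);
}

// The token arrives as the _token form field (what csrf_field() renders)
// or, for AJAX requests, in the X-CSRF-TOKEN header.
function submittedToken(array $input, array $headers): ?string
{
    $token = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    return is_string($token) && $token !== '' ? $token : null;
}

function csrfCheckPasses(string $method, ?string $sessionToken, array $input, array $headers = []): bool
{
    if (isReadingMethod($method)) {
        return true;
    }
    $token = submittedToken($input, $headers);
    if ($sessionToken === null || $token === null) {
        return false; // nothing to compare: treated as a mismatch
    }
    // hash_equals compares in constant time so timing does not leak the token.
    return hash_equals($sessionToken, $token);
}

// Constructed sample: the token stored in the session when the form was rendered.
$rendered = bin2hex(random_bytes(20));
// Constructed sample: a session that holds a different token at submit time.
$other = bin2hex(random_bytes(20));

var_dump(csrfCheckPasses('POST', $rendered, ['_token' => $rendered])); // form token matches the session
var_dump(csrfCheckPasses('POST', $other, ['_token' => $rendered]));    // session token differs
var_dump(csrfCheckPasses('POST', $rendered, []));                      // no token submitted
var_dump(csrfCheckPasses('GET', $rendered, []));                       // reading method, not checked
```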

Laravel 5.4 routes/api.php POST MethodNotAllowedHttpException

I am writing APIs for Android/iOS using Laravel 5.4. My simple web service signUp, which is working perfectly on localhost, is not working on the live server and is giving
MethodNotAllowedHttpException on POST methods.
GET calls work perfectly.
Route code:
Route::post('/signUp', ['uses' => 'API_UserController@userSignUp']);
Attached is screen shot link of my postman.
https://i.stack.imgur.com/060IF.png
Here is a quick example of the flow; try this:
<form action="{{ url('v1/userSignUp') }}" class="validation" method="post"
      accept-charset="utf-8">
    {{ csrf_field() }}
    <div>
        <!-- your required form fields -->
        <input type="submit" value="Add Category" class="btn btn-primary" />
    </div>
</form>
And in your routes add this:
Route::get('/signUp', function () {
    return view('yourviewpagename');
});
Route::post('/signUp', 'API_UserController@userSignUp');
And in your API_UserController:
public function userSignUp()
{
    // Dump everything that was submitted
    dd(request()->all());
}
@Mujeeb Ur Rehman The POST method is used to send data, and the GET method is used to access data in a view or just to render a view.
e.g.:
Route::post('/home', 'xxController@xx');
Route::get('/home1', 'xxController@xx');
The error you are getting is because, suppose you call the URL like this: localhost/xx/home, your framework has to decide whether to access data or post data, and the framework gets confused by this.
Just use it like this:
Route::group(['prefix' => 'v1'], function () {
    Route::post('/signUp', 'API_UserController@userSignUp');
});
When you hit it via Postman your URL is http://your_domain/api/v1/signUp, so just add a prefix and it will automatically be added to your URL. In a route group you can also use many other things like namespace, middleware etc. Example:
Route::group(['namespace' => 'any_depend_on_your_project_structure', 'middleware' => 'any_middleware', 'prefix' => 'v1'], function () {
    // your routes
});

Laravel auth scaffolding returns MethodNotAllowedHttpException

I am running the latest Laravel 5.3 version, and after running php artisan make:auth, I attempt to logout within the application and it returns this error: MethodNotAllowedHttpException.
Web.php (routes file):
Route::get('/', function () {
return view('welcome');
});
Route::auth();
Auth::routes();
Route::get('/home', 'ClinicController@index');
I can see that the views have been created, but why is it returning this error? Many thanks in advance
In Laravel 5.3 the /logout route is assigned to the POST method, so to log out you have to create a form and submit it.
<form action="{{ url('/logout') }}" method="post">
    {!! csrf_field() !!}
    <button type="submit">Logout</button>
</form>
You can just manually add the following line to your web/routes.php file:
Route::get('/logout', 'Auth\LoginController@logout');

Form in Laravel 5.2 does not find route

I'm trying to make a simple post through a form. The route exists and the token is there, but when a submit is made it always returns '404 Not Found'.
Route:
Route::group(['middleware' => ['web']], function () {
    Route::post('/cadastro', 'UsuarioPost@cadastro');
});
UsuarioPost Controller:
class UsuarioPost extends Controller
{
    public function cadastro(Request $request)
    {
        return dd($_POST);
    }
}
View with the form:
<form id="f_cadastro" method="POST" action="{{ URL::to('/cadastro') }}">
{{ csrf_field() }}
<button type="submit">Cadastrar</button>
</form>
Is there something new from Laravel 5.1 to 5.2 in form submitting?
This used to work fine in the previous version, even without the group in the route.
I suggest you use named routes instead of this strategy; it is more convenient.
Route::get('/profile', [
    'as' => 'profile.index',
    'uses' => 'ProfileController@index',
]);
And then you can generate the URL from your views or code using only
{{ route('profile.index') }}
So, finally working.
The deal was with Apache, and not Laravel. Apache's httpd.conf file (Apache's directory/conf/httpd.conf) had AllowOverride disabled by default, which is needed by Laravel. So I had to change every single "AllowOverride none" to "AllowOverride all", and removed the line "Require all denied".
With my Apache DocumentRoot already set to the public folder of my project, everything worked fine.

Laravel return back with flash data

I have a contact form. On submit the POST request goes to a controller that handles the contact form (checks the request and emails the data). At the bottom of the controller I have this:
return back()->with('flash-message', 'Message!');
In the view I try to echo the message with
{{ session('flash-message') }}
This doesn't seem to work. The message is not in the session.
What could be wrong?
I'm using:
Laravel version 5.2.7
Please set the session variable this way:
return redirect()->back()->with('flash-message', 'message');
And in the view:
{{ Session::get('flash-message') }}
I figured it out. It has to do with the Laravel 5.2 update. The middleware which is responsible for making that flash data available to all your views is not being utilized in normal Routes anymore. It was moved from the global middleware to the web middleware group. This post explains the issue and how to fix it.
Laravel 5.2 $errors not appearing in Blade
This post explains 2 ways to fix it:
In your kernel.php file, you can move the middleware \Illuminate\View\Middleware\ShareErrorsFromSession::class back to the protected $middleware property.
You can wrap all your web routes in the web middleware group (see below). Also place the Routes that handle the form here:
Route::group(['middleware' => 'web'], function() {
// Place all your web routes here...
});
You can do this. In the controller:
Session::flash('message', 'Empty input not accepted');
return back();
And in the view file, to use this session value you can do the same as mentioned above:
{{ \Session::get('message') }}
Hope this helps you....
