I understand that this is a common issue with Laravel 5.x, but my particular run-in with the problem is not through submitting a form.
Instead, I am using postman to send data to a URL endpoint to test if data is successfully received. I'm working with Laravel 5.2 and I'm very much new to it!
Here is my routes.php file (related content)
Route::group(['middleware' => 'web'], function () {
Route::post('/cart', 'CartController#buildcart');
});
Here is my CartController.php (entire file)
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
class CartController extends Controller
{
public function buildcart(){
echo 'hello';
}
}
As simple as that is, when I use postman to send random data to the /cart URL, I get
TokenMismatchException in VerifyCsrfToken.php line 67:
Can anyone help me understand why this is failing? I don't see how using
{{ csrf_token() }}
is the solution for this case since the data is coming from an external source.
Running list of things I've tried
Removing the route from Route::group(['middleware' => 'web'], function () {
using Route::group(array('before' => 'csrf', ['middleware' => 'web']), function () {
try add the route to this route group
Route::group(array('before' => 'csrf', ['middleware' => 'web']), function () {
Route::post('/cart', 'CartController#buildcart');
});
EDIT : try to comment this line in app\kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
// \App\Http\Middleware\VerifyCsrfToken::class,
],
'api' => [
'throttle:60,1',
],
];
Try changing the middleware in the routes.php file. I think, you are getting the error as you are not authorized to use the route. Try this:
Route::group(['middleware' => 'guest'], function () {
Route::post('/cart', 'CartController#buildcart');
});
Related
in my /routes/api.php next code
Route::middleware('api')->group(function(){
Route::get('/prepare/', 'CompgenApiController#prepareDefault');
Route::get('/replace/', 'CompgenApiController#replaceImage');
Route::get('/collage/', 'CompgenApiController#collage');
Route::get('/generate/', 'CompgenApiController#generate');
Route::post('/upload/', 'CompgenApiController#userUpload');
});
all get-methods work fine but when i try use Route::post i got an error
"Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException"
this is the request code
uploadFile(){
axios.post('/api/upload/',{
src: 'test'
}).then(function (result) {
console.log(result);
});
}
also in my app/Http/Middleware/VerifyCsrfToken.php i have
protected $except = [
'/api/upload/'
];
what you have done is applied an api middleware on routes. why don't you try to update your code like this and then the routes defined inside your controller will be accepted with an api/ prefix.
Route::group([
'prefix' => 'api',
'middleware' => ['auth.api']
], function () {
//define routes here
});
i login to application dashboard successfully and have no problem in authentication but after that when i click on another link in the page, again return me to login page. by mean for every request take me to login page!?
please help
my web routes:
Auth::routes();
Route::group([ 'middleware' => 'auth'] , function() {
Route::get('admin', function() {
return view('master');
});
Route::get('admin/categories','CategoryController#index')->name('categories.index');
Route::get('admin/categories/create','CategoryController#create')->name('categories.create');
Route::post('admin/categories/store','CategoryController#store')->name('categories.store');
Route::get('admin/categories/edit/{id}','CategoryController#edit')->name('categories.edit');
Route::post('admin/categories/update/{id}','CategoryController#update')->name('categories.update');
Route::delete('admin/categories/delete/{id}','CategoryController#destroy')->name('categories.destroy');
});
As far as the details you've provided, I can already see that you have not added web middleware group to your route group.
The web middleware group is responsible for things such as encrypting cookies, verifying CSRF token and starting session.
In app/Http/Kernel.php:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
So, most likely the issue is that you haven't started a session, therefore logging in only works for one request.
Apply the web middleware group to your route group and it should solve the issue:
Route::group(['middleware' => ['web', 'auth']], function () {
Route::get('admin', function () {
return view('master');
});
Route::get('admin/categories', 'CategoryController#index')->name('categories.index');
Route::get('admin/categories/create', 'CategoryController#create')->name('categories.create');
Route::post('admin/categories/store', 'CategoryController#store')->name('categories.store');
Route::get('admin/categories/edit/{id}', 'CategoryController#edit')->name('categories.edit');
Route::post('admin/categories/update/{id}', 'CategoryController#update')->name('categories.update');
Route::delete('admin/categories/delete/{id}', 'CategoryController#destroy')->name('categories.destroy');
});
I am trying to implement flash messaging using sessions but am unable to do so.
In my controller I have:
public function store(Request $request) {
session()->flash('donald', 'duck');
session()->put('mickey', 'mouse');
return redirect()->action('CustomerController#index')->with('bugs', 'bunny');
}
But when I check the session variables in the view, I can only see the values from session()->put('mickey', 'mouse').
Session:
{"_token":"F6DoffOFb17B36eEJQruxvPe0ra1CbyJiaooDn3F","_previous":{"url":"http:\/\/localhost\/customers\/create"},"flash":{"old":[],"new":[]},"mickey":"mouse"}
A lot of people encountered this problem by not having the relevant routes inside the web middleware. I made sure to do this as well but it still wouldn't work.
In routes.php:
Route::group(['middleware' => ['web']], function () {
Route::get('/', function () {
return view('welcome');
});
Route::get('/customers', 'CustomerController#index');
Route::get('/customers/create', 'CustomerController#create');
Route::post('/customers', 'CustomerController#store');
});
In Kernel.php:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'api' => [
'throttle:60,1',
],
];
Can anyone let me know what I could be doing wrong here? Thanks!
Fixed the issue by replacing
Route::group(['middleware' => ['web']], function () {
...
});
with
Route::group(['middlewareGroups' => ['web']], function () {
...
});
No idea why this works though when all the documentation suggests that we use ['middleware' => ['web']]
This is more than likely because of a change that was made to the Laravel framework (v5.2.27) that all routes by default are part of the "web" middleware, so assigning it again in your routes.php file ends up assigning it twice.
The solution is either to remove the "web" middleware from your routes OR remove the automatic assignment from the RouteServiceProvider.
Before the Laravel update:
// RouteServiceProvider.php
$router->group(['namespace' => $this->namespace], function ($router) {
require app_path('Http/routes.php');
});
After the Laravel update:
// RouteServiceProvider.php
$router->group([
'namespace' => $this->namespace, 'middleware' => 'web',
], function ($router) {
require app_path('Http/routes.php');
});
Notice how the new update automatically applies the "web" middleware to all routes. Simply remove it here if you wish to continue using Laravel 5.2 as you have before (manually assigning "web" middleware in your routes.php).
Build your Session flash info by using this code:
<?php
Session::flash("Donald", "Duck")
// Or in your code style.
$request->session()->flash("Donald", "Duck")
?>
Check it in your view with:
#if(Session::has("Donald")
{{Session::get("Donald")}}
#endif
You forget to use $request :)
In Controller:
use Session,Redirect;
public function store(Request $request)
{
Session::flash('donald', 'duck');
Session::put('mickey', 'mouse');
return Redirect::to('/customers')->with('bugs', 'bunny');
}
In 'view' check the data is getting or not:
<?php
print_r($bugs);die;
?>
Good Luck :)
I use the following:
In my controller:
public function xyz(){
// code
// This
return redirect()->action('homeController#index')->with('success', 'Check! Everything done!');
// Or this
return redirect('/index')->with('success', 'Check! Everything done!');
}
In my view:
#if(session('success'))
{{ session('success') }}
#endif
Nothing else. The web-middleware is assigned to every route.
I dont know why but on Windows you need changes in your routes: middleware to middlewareGroups, like that:
So, in your app\Kernel.php, you need put the StartSession at first on array of middleware group web:
I'm trying to implement some custom flash messages and I'm having some issues with the session data being destroyed after a redirect.
Here's how I create my flash messages :
flash('Your topic has been created.');
Here's the declaration of the flash() function :
function flash($message, $title = 'Info', $type = 'info')
{
session()->flash('flash', [
'message' => $message,
'title' => $title,
'type' => $type,
]);
}
And here is how I'm checking the session/displaying the flash messages, using SweetAlerts. This code is included at the bottom of the main layout file that I'm extending in all my Blade templates.
#if(Session::has('flash'))
<script>
$(function(){
swal({
title: '{{ Session::get("flash.title") }}',
text : '{{ Session::get("flash.message") }}',
type : '{{ Session::get("flash.type") }}',
timer: 1500,
showConfirmButton: false,
})
});
</script>
#endif
The code above will work if I call the flash() function before displaying a view, like so :
public function show($slug)
{
flash('It works!');
return view('welcome');
}
However, it will not work if I call it before doing a redirect to another page, like so :
public function show($slug)
{
flash('It does not work');
return redirect('/');
}
Why is the session data lost on redirect? How can I make it persists so that I can display my flash message?
I found out that it is necessary to apply the web middleware on all routes. Drown has mentioned to do so, but since March 23st 2016, Taylor Otwell changed the default RouteServiceProvider at https://github.com/laravel/laravel/commit/5c30c98db96459b4cc878d085490e4677b0b67ed
By that change the web middleware is applied automatically to all routes. If you now apply it again in your routes.php, you will see that web appears twice on the route list (php artisan route:list). This exactly makes the flash data discard.
Also see: https://laracasts.com/discuss/channels/laravel/session-flash-message-not-working-after-redirect-route/replies/159117
It turns out that with Laravel 5.2, the routes have to be wrapped in the web middleware for the session to work properly.
This fixed it :
Route::group(['middleware' => ['web']], function () {
// ...
Route::post('/topics/{slug}/answer', 'PostsController#answer');
Route::post('/topics/{slug}/unanswer', 'PostsController#unanswer');
Route::post('/topics/{slug}/delete', 'PostsController#delete');
});
Please check APP/kernel.php
\Illuminate\Session\Middleware\StartSession::class,
is define multiple times
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Session\Middleware\StartSession::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
You can comment any one or delete it. We need to define one time only.
The issue i had was Session::save() preventing swal from showing after redirect.
so you need to remove Session::save() or session()->save(); from middleware
With Laravel 5.2.34, all routes are using web middleware by default.
Therefore, change this:
Route::group(['middleware' => ['web']], function () { // This will use 2 web middleware
// ...
Route::post('/foo', 'FooController#foo');
});
To this:
Route::group([], function () { // This will use the default web middleware
// ...
Route::post('/foo', 'FooController#foo');
});
And then in your controller you could use:
class FooController extends Controller
{
...
public foo()
{
...
return redirect('/foo')->withSuccess('Success!!');
// or
return redirect('/foo')->with(['success' => 'Success!!']);
}
...
}
Redirect with flash data is done like this:
redirect("/blog")->with(["message"=>"Success!"]);
In early Laravel 5.2 versions, all of your Flash and Session data are stored only if your routes are inside web middleware group.
As of Laravel 5.2.34, all routes are using web middleware by default. If you will put them into middleware web group again, you will apply web middleware on your routes twice - such routes will be unable to preserve Flash or Session data.
Check your App\Kernel.php file.
There may be multiple lines of \Illuminate\Session\Middleware\StartSession::class,
Comment one from $middlewareGroups.
protected $middleware = [
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
**\Illuminate\Session\Middleware\StartSession::class,**
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
have you tired using "redirect with"
https://laravel.com/docs/5.2/responses#redirecting-with-flashed-session-data
Additional to #Harry Bosh answer,
In Laravel there an issue when Session::save() happen inside the middleware,
this make _flash session gone after redirection happen
this can be fix by using alternative :
// replace your Session::save() to this
session(['yoursessionvar' => $examplevar]); // this will save laravel session
I try test api rest on laravel 5 but I have problems with method post, put, delete.
In my route.php file I have code:
Route::group(['prefix' => 'api'], function()
{
Route::group(['prefix' => 'user'], function()
{
Route::get('', ['uses' => 'UserController#allUsers']);
Route::get('{id}', ['uses' => 'UserController#getUser']);
Route::post('', ['uses' => 'UserController#saveUser']);
Route::put('{id}', ['uses' => 'UsercCntroller#updateUser']);
Route::delete('{id}', ['uses' => 'UserController#deleteUsers']);
});
});
Route::get('/', function()
{
return 'Enjoy the test...';
});
and in UserController.php have code:
public function allUsers()
{
return 'test';
}
public function getUser($id)
{
return 'test get user';
}
public function saveUser()
{
return 'test save user';
}
public function updateUser($id)
{
return 'test update user';
}
public function deleteUsers($id)
{
return 'test delete user';
}
When I run with method get it works good but with method post, put and delete it does not work.
Why is this?
If you want to make REST APIs then use laravel's generators.
Use php artisan make:controller UserController
Laravel automatically creates RESTful controller class for you with all required methods.
Then just put one line in your routes.php
Route::group(['prefix' => 'api'], function()
{
Route:resource('user', 'UserController');
});
And that's it, now you can access get, post, put, and delete requests very easily.
If you want to see what route I should use for what method then simply fire php artisan route:list from commandline.
And because of laravel comes with built in csrf token verification middleware, you must have to pass _token with your post data request. Or either you can access those routes without csrf token verification by doing this:
Go to kernel.php in Http folder under the app directory, and comment the csrfToken line.
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
// 'App\Http\Middleware\VerifyCsrfToken',
];