I am trying to delete data from database via ajax.
HTML:
#foreach($a as $lis)
//some code
Delete
//click action perform on this link
#endforeach
My ajax code:
$('body').on('click', '.delteadd', function (e) {
e.preventDefault();
//alert('am i here');
if (confirm('Are you sure you want to Delete Ad ?')) {
var id = $(this).attr('id');
$.ajax({
method: "POST",
url: "{{url()}}/delteadd",
}).done(function( msg ) {
if(msg.error == 0){
//$('.sucess-status-update').html(msg.message);
alert(msg.message);
}else{
alert(msg.message);
//$('.error-favourite-message').html(msg.message);
}
});
} else {
return false;
}
});
This is my query to fetch data from database...
$a = Test::with('hitsCount')->where('userid', $id)->get()->toArray();
But when i click on Delete link data not deleted and show csrf_token mismatch...
The best way to solve this problem "X-CSRF-TOKEN" is to add the following code to your main layout, and continue making your ajax calls normally:
In header
<meta name="csrf-token" content="{{ csrf_token() }}" />
In script
<script type="text/javascript">
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
</script>
You have to add data in your ajax request. I hope so it will be work.
data: {
"_token": "{{ csrf_token() }}",
"id": id
}
I just added headers: in ajax call:
headers: {'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')},
in view:
<div id = 'msg'>
This message will be replaced using Ajax. Click the button to replace the message.
</div>
{!! Form::submit('Change', array('id' => 'ajax')) !!}
ajax function:
<script>
$(document).ready(function() {
$(document).on('click', '#ajax', function () {
$.ajax({
type:'POST',
url:'/ajax',
headers: {'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')},
success:function(data){
$("#msg").html(data.msg);
}
});
});
});
</script>
in controller:
public function call(){
$msg = "This is a simple message.";
return response()->json(array('msg'=> $msg), 200);
}
in routes.php
Route::post('ajax', 'AjaxController#call');
Laravel 8^
Route::post('ajax', [AjaxController::class, 'call']);
I think is better put the token in the form, and get this token by id
<input type="hidden" name="_token" id="token" value="{{ csrf_token() }}">
And the JQUery :
var data = {
"_token": $('#token').val()
};
this way, your JS don't need to be in your blade files.
If you are using template files, than you can put your meta tag in the head section (or whatever you name it) which contain your meta tags.
#section('head')
<meta name="csrf_token" content="{{ csrf_token() }}" />
#endsection
Next thing, you need to put the headers attribute to your ajax(in my example, I am using datatable with server-side processing:
"headers": {'X-CSRF-TOKEN': $('meta[name="csrf_token"]').attr('content')}
Here is the full datatable ajax example:
$('#datatable_users').DataTable({
"responsive": true,
"serverSide": true,
"processing": true,
"paging": true,
"searching": { "regex": true },
"lengthMenu": [ [10, 25, 50, 100, -1], [10, 25, 50, 100, "All"] ],
"pageLength": 10,
"ajax": {
"type": "POST",
"headers": {'X-CSRF-TOKEN': $('meta[name="csrf_token"]').attr('content')},
"url": "/getUsers",
"dataType": "json",
"contentType": 'application/json; charset=utf-8',
"data": function (data) {
console.log(data);
},
"complete": function(response) {
console.log(response);
}
}
});
After doing this, you should get 200 status for your ajax request.
Know that there is an X-XSRF-TOKEN cookie that is set for convenience. Framework like Angular and others set it by default. Check this in the doc https://laravel.com/docs/5.7/csrf#csrf-x-xsrf-token
You may like to use it.
The best way is to use the meta, case the cookies are deactivated.
var xsrfToken = decodeURIComponent(readCookie('XSRF-TOKEN'));
if (xsrfToken) {
$.ajaxSetup({
headers: {
'X-XSRF-TOKEN': xsrfToken
}
});
} else console.error('....');
Here the recommended meta way (you can put the field any way, but meta is quiet nice):
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
Note the use of decodeURIComponent(), it's decode from uri format which is used to store the cookie. [otherwise you will get an invalid payload exception in laravel].
Here the section about the csrf cookie in the doc to check :
https://laravel.com/docs/5.7/csrf#csrf-x-csrf-token
Also here how laravel (bootstrap.js) is setting it for axios by default:
let token = document.head.querySelector('meta[name="csrf-token"]');
if (token) {
window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
} else {
console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
}
you can go check resources/js/bootstrap.js.
And here read cookie function:
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for (var i = 0; i < ca.length; i++) {
var c = ca[i];
while (c.charAt(0) == ' ') c = c.substring(1, c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
}
return null;
}
Add an id to the meta element that holds the token
<meta name="csrf-token" id="csrf-token" content="{{ csrf_token() }}">
And then you can get it in your Javascript
$.ajax({
url : "your_url",
method:"post",
data : {
"_token": $('#csrf-token')[0].content //pass the CSRF_TOKEN()
},
...
});
EDIT: Easier way without changing the meta line.
data : {
_token: "{{ csrf_token() }}"
}
Or
data : {
_token: #json(csrf_token()),
}
Thanks to #martin-hartmann
you have to include this line in master file
<meta name="csrf-token" content="{{ csrf_token() }}" />
and while calling ajax you have to implement csrf token ,
$.ajax({
url:url,
data:{
_token:"{{ csrf_token() }}"
},
success:function(result){
//success message after the controller is done..
}
})
if you are using jQuery to send AJAX Posts, add this code to all views:
$( document ).on( 'ajaxSend', addLaravelCSRF );
function addLaravelCSRF( event, jqxhr, settings ) {
jqxhr.setRequestHeader( 'X-XSRF-TOKEN', getCookie( 'XSRF-TOKEN' ) );
}
function getCookie(name) {
function escape(s) { return s.replace(/([.*+?\^${}()|\[\]\/\\])/g, '\\$1'); };
var match = document.cookie.match(RegExp('(?:^|;\\s*)' + escape(name) + '=([^;]*)'));
return match ? match[1] : null;
}
Laravel adds a XSRF cookie to all requests, and we automatically append it to all AJAX requests just before submit.
You may replace getCookie function if there is another function or jQuery plugin to do the same thing.
who ever is getting problem with the accepted answer #Deepak saini, try to remove
cache:false,
processData:false,
contentType:false,
for ajax call.
use
dataType:"json",
In case your session expires, you can use this, to login again
$(document).ajaxComplete(function(e, xhr, opt){
if(xhr.status===419){
if(xhr.responseJSON && xhr.responseJSON.message=='CSRF token mismatch.') window.location.reload();
}
});
You should include a hidden CSRF (cross site request forgery) token field in the form so that the CSRF protection middleware can validate the request.
Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.
So when doing ajax requests, you'll need to pass the csrf token via data parameter.
Here's the sample code.
var request = $.ajax({
url : "http://localhost/some/action",
method:"post",
data : {"_token":"{{ csrf_token() }}"} //pass the CSRF_TOKEN()
});
xxxxxxxOld answer deletedxxxxxxx
CLARIFICATION/UPDATE
The csrf token in the meta header is used for session management
Laravel automatically generates a CSRF "token" for each active user session managed by the application.
It is the same value as that contained in:
#csrf directive inside a form or anywhere else in a Blade template (this generates the _token hidden input field).
csrf_token() global helper function used anywhere in a controller or Blade template.
Important
For sessions that are not yet authenticated, the CSRF token is regenerated/different for every served page - i.e. new session data is generated for every loaded page.
For a session that is authenticated, the CSRF token is the same for all pages - i.e. session data is maintained across all loaded pages.
Conclusion
Include the CSRF token in Ajax request in the following way:
from the meta header or the generated hidden _token input field - useful when sending Ajax POST request with a form:
<script>
$(document).ready(function() {
let token = $('meta[name="csrf_token"]').attr('content');
// let token = $('form').find('input[name="_token"]').val(); // this will also work
let myData = $('form').find('input[name="my_data"]').val();
$('form').submit(function() {
$.ajax({
type:'POST',
url:'/ajax',
data: {_token: token, my_data: myData}
// other ajax settings
});
return false;
});
});
</script>
Call csrf_token() in a hidden element in Blade template and get the token in js - useful when sending Ajax POST request without a form:
Blade:
<span id='csrf' style='display:none'>{{ csrf_token() }}<span>
JavaScript:
<script>
$(document).ready(function() {
let token = $('#csrf').html();
$.ajax({
type:'POST',
url:'/ajax',
data: {_token: token, my_data: 'john'}
// other ajax settings
});
});
</script>
I just use #csrf inside the form and its working fine
I always encounter this error recently. Make sure to use a more specific selector when referring to a value. for example instead of $('#firstname') use $('form').find('#firstname');
Laravel 5.8
use the csrf in the ajax url(separate js file)
$.ajax({
url: "/addCart" + "?_token=" + productCSRF,
type: "POST",
..
})
guys in new laravel you just need to do this anywhere. in JS or blade file and you will have csrf token.
var csrf = document.querySelector('meta[name="csrf-token"]').content;
it is vanilla JS. For Ajax you need to do this.
var csrf = document.querySelector('meta[name="csrf-token"]').content;
$.ajax({
url: 'my-own-url',
type: "POST",
data: { 'value': value, '_token': csrf },
success: function (response) {
console.log(response);
}
});
If you are work on laravel 7.0 project and facing this error
Adding a token as part of the parameter to be sent to the controller would solve the problem just like the answers given above. This is as a result of Laravel protecting your site against cross-site attack. which requires you to generate a unique token on every form submission.
"_token": "{{ csrf_token() }}"
You can now have;
const postFormData = {
'name' : $('input[name=name]').val(),
"_token": "{{ csrf_token() }}"
};
$.ajax({
url: 'pooling'
, type: 'post'
, data: postFormData
, dataType: 'json'
, success: function(response) { consolel.log(response) }
});
Simply putting csrfmiddlewaretoken: '{{ csrf_token }}' inside data works well!!
$.ajax({
url : "url where you want to send data"
type : "POST", // http method
data : {
name:"...",
csrfmiddlewaretoken: '{{ csrf_token }}' , #this works for me
},
// handle a successful response
success : function(data){
alert('......');
},
error : function() {
..............
}
});
There also could be a case when you define your $middlewareGroups
You should use the following format:
protected $middlewareGroups = [
'web' => [],
'api' => [
'web',
'throttle:500,1'
],
'basic' => [
'auth:basic',
]
];
If you're upgrading laravel from 5 to 8, and face this error, add following to app/Http/Middleware/VerifyCsrfToken.php:
public static function serialized()
{
return true;
}
In script tag in your blade file, do like this to generate a valid form token and get it in jQuery
<script>
$(document).ready(function() {
$("#my-upload-button").click(function() {
var token = "{{ csrf_token() }}";//here getting token from blade
$.post('my-url', {
_token: token,
datra: ...
},
function(data) {
alert(data);
});
});
});
I this problem was resolved for me just by removing processData: false
$.ajax({
url: '{{ route('login') }}' ,
method: 'POST',
data: {
_token : {{ csrf_token() }},
data : other_data,
},
cache: false,
//processData: false, // remove this
...
success: function(res){
...
}
});
In your main page (someViewsName.blade.php), declare a global variable
<script>
var token = "{{ csrf_token() }}";
</script>
<script src="/path/to/your_file.js"></script>
Then, in your_file.js
$.ajax({
type: "post",
url: "http://your.url/end/point",
data: {
_token:token,
data:your_data,
},
dataType: "json",
success: function (response) {
// code some stuff
}
});
Lol, I had the same issue tried each and every solution but after that checked env again and there was one flag true which causes the issue,
SESSION_SECURE_COOKIE=true
remove this line it will fix the issue.
I actually had this error and could not find a solution. I actually ended up not doing an ajax request. I don't know if this issue was due to this being sub domain on my server or what. Here's my jquery.
$('#deleteMeal').click(function(event) {
var theId = $(event.currentTarget).attr("data-mealId");
$(function() {
$( "#filler" ).dialog({
resizable: false,
height:140,
modal: true,
buttons: {
"Are you sure you want to delete this Meal? Doing so will also delete this meal from other users Saved Meals.": function() {
$('#deleteMealLink').click();
// jQuery.ajax({
// url : 'http://www.mealog.com/mealtrist/meals/delete/' + theId,
// type : 'POST',
// success : function( response ) {
// $("#container").replaceWith("<h1 style='color:red'>Your Meal Has Been Deleted</h1>");
// }
// });
// similar behavior as clicking on a link
window.location.href = 'http://www.mealog.com/mealtrist/meals/delete/' + theId;
$( this ).dialog( "close" );
},
Cancel: function() {
$( this ).dialog( "close" );
}
}
});
});
});
So I actually set up an anchor to go to my API rather than doing a post request, which is what I figure most applications do.
<p><a href="http://<?php echo $domain; ?>/mealtrist/meals/delete/{{ $meal->id }}" id="deleteMealLink" data-mealId="{{$meal->id}}" ></a></p>
I have a new.html.twig,I am using few ajax calls on this page on changes events of drop down.
So I have created a septate js file called new.js and keep my all JavaScript code inside this file, instead to write it on same view file.
But here in this js file I am unable to access the routing path which is call a ajax request. on change event.
===========New.twig.html=====================
include(new.js);
<select><name='a' onchange="setLabel('123')"></select>
============new.js.=============
function setLabel(voucherTypeID) {
queryString = "voucherTypeID=" + voucherTypeID;
$('#loading-image').show();
$.ajax({
type: "POST",
url: "{{path('vouchergeneration_getLedgers')}}", //THIS PATH How TO GET
data: queryString,
cache: "false",
dataType: "html",
success: function (data){
});
So here I am not able to access the URL Path, while it was accessible in twig file before. Please guide me how to fix this. I do not want to use anykind of Bundle for this simple work.. Thanks in advance..
There is very simple bundle for this simple work FOSJsRoutingBundle
Once this bundle is enabled you only need to do
Routing.generate('my_route_to_expose', { id: 10 }); // will result in
/foo/10/bar
Routing.generate('my_route_to_expose', { id: 10, foo: "bar" }); //
will result in /foo/10/bar?foo=bar
$.get(Routing.generate('my_route_to_expose', { id: 10, foo: "bar" }));
// will call /foo/10/bar?foo=bar
Routing.generate('my_route_to_expose_with_defaults'); // will result
in /blog/1
Routing.generate('my_route_to_expose_with_defaults', { id: 2 }); //
will result in /blog/2
Routing.generate('my_route_to_expose_with_defaults', { foo: "bar" });
// will result in /blog/1?foo=bar
Routing.generate('my_route_to_expose_with_defaults', { id: 2, foo:
"bar" }); // will result in /blog/2?foo=bar
EDIT:
Of course you can do it without bundle (which I don't think is a good idea). In that case I would advice set your routes in controller's action and set use it in twig template to set js variable. Something like:
Controller:
public function indexAction()
{
return array('yourRoute' => $router->generate('yourRoutName'));
}
your template:
<script type="text/javascript">
var yourRoute = '{{yourRoute}}';
</script>
your js:
(...)
url: yourRoute,
(...)
If you want to embed an URL and get it with your JS, you could do something like the following:
// HTML/Twig
<html data-my-route="{{ path('vouchergeneration_getLedgers') }}">
...
</html>
Then in your JS:
$.ajax({
type: "POST",
url: $('html').attr('data-my-route'),
data: queryString,
cache: "false",
dataType: "html",
success: function (data){
});
It avoids having global variable, and you can use as many data-attribute as you want.
If you are using fetch then you can get the url of the post by using data.url:
fetch('/check', {
method: 'POST', // or 'PUT'
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(qrinfo)
})
.then((data) => {
let url = data.url;
if(url.includes('/leave.html')) {
window.location.replace('/leave.html');
}
else {
console.log("Page not changed.");
}
console.log('Success:', data);
})
.catch((error) => {
console.error('Error:', error);
});
You can check if the path name is included in the url instead by using .includes() so changing ports won't be an issue.
I have this method that I want to run a php file using ajax and then reload the page.
function winA()
{
var x = "<?php echo $id;?>"
$.ajax({ url: 'w.php5' ,
data: { id: x },
success: function(data) {
window.location.reload()
}
});
}
This is what I have and I've looked it over endless times for flaws, made sure the php variable is reading properly and made sure the function is truly being called. The php file works properly when called w.php5?id=1
Why won't this ajax call work?
Thanks in advance for the help, Aaron.
function winA()
{
var x = "<?php echo $id;?>"
$.ajax({ url: 'w.php5' ,
data: { id: x },
success: function(data) {
window.location.reload()
}
error:function (xhr, ajaxOptions, thrownError)
{
alert(xhr.status);
alert(thrownError);
}
});
}
This way it will show alert in case of ajax error
Also, if in chrome, press the combination Ctrl+Shift+I for developer tools and check network tab to see if w.php5 is called, and what is the response. Dont know tools for other browser but there should be something like that
There are 2 alternatives.
If you want to post some other data, use this
.ajax({
type: 'POST',
url:'w.php5',
data: {id: '<?php echo $id; ?>'},
success: function(resp){
console.log(resp);
},
dataType:'json'
});
If you go this way, your ID is going to be stored in $_POST array => *$_POST['id']*
If you want to just get some data by ID you post, use this
.ajax({
type: 'GET',
url:'w.php5?id=<?php echo $id; ?>',
success: function(resp){
console.log(resp);
},
dataType:'json'
});
If you go this way, your ID is going to be stored in $_GET array => *$_GET['id']*
You're missing a semicolon here:
var x = "<?php echo $id;?>"
Should be:
var x = "<?php echo $id;?>";
//set the method
POST or GET
type:'GET'; or type:"POST"
That url is probably missing a leading forward-slash, assuming you are trying to access a url like www.myurl.com/w.php?id=5
Try
url: '/w.php?id=5',
If that doesn't work, you need to inspect the request using a developing tool within Chrome or Firefox.
You can also var_dump the $_GET or $_POST in w.php, as the response will expose the output.