I'm developing a Laravel Web Service.
When I try my POST routes with web forms, everything works fine, but when I try the same with a REST Client like Postman it doesn't get me the response that should.
It gives me status code 302, and redirects to "/". What's the problem?
This might be useful for other users that having the same problem cannot solve it with the accepted solution.
Make sure that the form fields names for instance <input type="text" name="document_name"> (document_name), match the names of the rules fields declared in the model.
public static $rules = ['document_name' => 'required|string'];
It doesn't throw any errors, nothing in the logs, it just redirects to the form, therefore the difficulty to find the problem.
When you try to POST request by Postman,you need to add _token field and it's value which is used to be protect XSS attack.See https://laravel.com/docs/5.2/routing#csrf-protection
When visiting the endpoint using Postman, set the Header
Accept: application/json
or Laravel would never know it's an API client and thus redirect with 302 message.
It's the mechanism for latest Laravel version since they provide api.php router beside web.php router.
Http status code 302 is used for redirection. It can be due to server side problem, Please check your laravel project's error log file or apache's error log file.
it looks like in postman you should point that the data you send is 'x-www-url-formurlencoded'
Related
I am working on a laravel application. Upon hosting it on my domain, I am running into a "CSRF token mismatch" error. Locally, the application is working fine because I have included the csrf token in the header as shown in the documentation. Therefore, the csrf token is being generated successfully and being included in the header of requests. On doing some debugging, I changed the SESSION_DRIVER in env file to file so that I can see the sessions. I realized that multiple sessions are being generated for one user. The SESSION_LIFETIME is set to 120, which I believe is okay. In looking at the tokens in the sessions stored in storage/framework/sessions, none contains the token that is generated by the browser. What could be the issue? Remember that it is working fine locally. What configurations on the host domain could be affecting the sessions of the application.
I once ran into the same error while hosting in the cPanel and took me almost 3days to figure out the solution for my case.
I do not know if this works for you but give it a try.
Inside your main index.php file inside the public folder, edit it and at the very top after starting PHP tags, write
ob_start()
This function will take the contents of the output buffer and returns a string that is to be sent to the browser for rendering and removes the spaces or line breaks you put before starting PHP.
Also, try clearing the cache as suggested in the comments.
Let me know if this helps you as well.
I had this very same problem, receiving the "CSRF Token Mismatch" exception in Laravel 7, having fixed everything else, like setting the csrf token on page header, in ajax requests, clearing the cache, anything you can think of and usually find in solution proposals.
So, if anyone ever runs into this, I haven't found this solution anywhere else, and it really cost me hours.
I had called the application on the wrong URL!
I used my local IP literally, instead of using the word "localhost".
So, if you're developing locally, calling you app with your IP, try calling it on http://localhost!
Add the following line to the head tag.
<meta name="csrf-token" content="{{ csrf_token() }}"> // Add in <head></head>
Then get you can get this content attribute in Laravel. Also, in your script tag, add the following code (this is to make sure when you submit the form, you get the correct csrf_token).
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
Unlike #cslotty, in my case I actually had to change my URL from 'localhost' to '127.0.0.1' for it to work. My frontend is in React and the backend in Laravel 8.
I faced this issue. I found the solution in Laravel document itself.
We can add $csrf after the form element
<form method="POST" action="/profile">
#csrf
//input fields here
</form>
I just finished api on laravel , it work perfectly on front-end but I want to block api to access via browser or postman or etc, I just want to POST and GET from my front.
for example, if someone run post request in browser:
And if run get request in browser (auth need):
Also if someone run this url api.mywebsite.com, see Laravel intro page, and I don't want to show to user, how can I prevent this?
And last thing, if user runs post or get request in postman, it works, and I only want it to work with my domain. I am using this CORS middleware.
How to prevent user access to get/post request via browser/postman?
How to limit api just on my domain name?
For remove Laravel welcome page:
Go to
route/web.php, comment this line:
return view('welcome');
Or replace with:
return abort(404);
Or you can remove with own route, it return same 404
For remove route login, you need to go to:
app/Http/Middleware/Authenticate.php
Find and replace redirectTo function with:
protected function redirectTo($request)
{
if (! $request->expectsJson()) {
return abort('404');
}
}
Or really redirect to your login page, or etc.
And go to config/cors.php and replace yours with this:
'allowed_origins' => ['http://yourwebsite.com'],
And no need to worry about postman but if you want to avoid people do a direct request to your api you need to use api_token
Oh I forgot your another question, after all, you should not see any of these errors on your browser, except you forget to set these on .env:
APP_ENV=production
APP_DEBUG=false
I want to redirect to a page (error.php, for example) depending on the info in a form in my website. I managed to log an error like this:
if ($date > $curdate) {
return $response
->withStatus(406)
->withHeader('Content-Type', 'text/html')
->write('You can\'t select dates in the future!');
}
How can I do it so it sends you to a page with that error in particular instead of logging/requesting it in the network tab?
Right now I get this:
Request URL:http://raspberrypi/chartAPI/api/{id}/{date1}/{date2}
Request Method:POST
Status Code:406 Not Acceptable
Remote Address:192.168.0.80:80
Referrer Policy:no-referrer-when-downgrade
Which is almost working as intended. What I want to do is for it to send me to "http://raspberrypi/chartAPI/error/406" (for example), and display the contents in a file called 406.php (or error406.php, or error.php or whatever call it).
I managed to do something with this:
return $response->withRedirect("error.php");
But I get this:
Request URL:http://raspberrypi/chartAPI/api/{id}/{date1}/error.php
Request Method:GET
Status Code:405 Method Not Allowed
And slim throws this error:
Method not allowed. Must be one of: POST
Why is it removing {date2}? And why is it asking for a POST method?
This question is a continuation of this one, but due to how this website handles these "old" questions, mine got pushed down and regardless of how many edits I put, it doesn't get any attention anymore.
When you are using withRedirect, use a Route URL not a file to browse
The Error is about using GET Method Where the Route needs POST
I think this is Because you use a file to redirect to,Then the method will be Only GET not POST or others like a browser
I don't Know Why you are using POST whenever you pass parameters in URL ?!
I'm facing a strange behaviour while working with a web-service.
Most of the URLs send me back a correct json response even if I work with urlencode().
So, for example, if I use http://mywebservice/?q=json_themes_abc%2F254 or http://mywebservice/?q=json_themes_abc/254, I'll get the same response.
But, only for one type of request, http://mywebservice/?q=json_demarches/2808 works and not http://mywebservice/?q=json_demarches%2F2808.
It happens only with ?q=json_demarches requests.
Does someone have a clue? Is the problem in my side or their? I read something about turning on “AllowEncodedSlashes” directive in their Apache but wouldn't be a general issue with all their URL if so?
Thanks in advance.
Upon debug I'm getting a response that states Lead Capture Page: Not available.
Has anyone run into this problem... I'm passing everything correctly and salesforce.com board is no help at all.
Unfortunately, the error message you got is generic, it doesn't say what the error is.
Using the debug=1 param, or the debugemail param, it tries to return to you the page that the post came from. I think it uses the Referer: header for that. No referrer header (like if you just curl post data to sf), then you get the line above instead of something like
Lead Capture Page: http://yoursite.com/your/form.php
Here's some other tips, given that sf isn't telling you jack:
instead of www.salesforce or test.salesforce, try posting to the same subdomain you see when you log in by browser.
Also look at the return header Is-Processed:, I've seen exceptions in there.
try the generated form; as generated, you change the subdomain as above and it should work as-is. then gradually hack your form and the generated form towards each other till they both fail or both succeed.