
TokenMismatchException in VerifyCsrfToken.php line 67 - How to disable middleware and set that to be default


I'm studying Laravel through videos. I made a view with only a textbox and a submit button. After I clicked the submit button, I got a TokenMismatchException in VerifyCsrfToken.php line 67 error.

TokenMismatchException in VerifyCsrfToken.php line 67:

C:\xampp\htdocs\laravel_tut\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php line 67:
in VerifyCsrfToken.php line 67
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartSession.php line 62
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Router.php line 726
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 699
at Router->dispatchToRoute(object(Request)) in Router.php line 675
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 54

I have PostsController:

<?php
// PostsController

namespace App\Http\Controllers;

use Illuminate\Http\Request;

use App\Http\Requests;

class PostsController extends Controller
{
    ...

    public function create()
    {
        //
        return view('posts.create');
    }

    public function store(Request $request)
    {
        //
        return $request->all();
    }
    ...
}

routes.php:

Route::resource('/posts', 'PostsController');
Route::group(['middleware'=>['web']],function(){

});

create.blade.php:

@extends('layouts.app')

@section('content')

<form method="post" action="/posts">
    <input type="text" name="title" placeholder="Enter title">
    <input type="submit" name="submit">
</form>

@endsection

I googled and most solutions suggest adding:

<meta name="csrf-token" content="{{ csrf_token() }}" />

but I didn't see the tutor add this line. I noticed that in his route:list, his middleware column's values are empty while mine are 'web'.

$ php artisan route:list
+--------+-----------+--------------------+---------------+----------------------------------------------+------------+
| Domain | Method    | URI                | Name          | Action                                       | Middleware |
+--------+-----------+--------------------+---------------+----------------------------------------------+------------+
|        | GET|HEAD  | insert             |               | Closure                                      | web        |
|        | POST      | posts              | posts.store   | App\Http\Controllers\PostsController@store   | web        |
|        | GET|HEAD  | posts              | posts.index   | App\Http\Controllers\PostsController@index   | web        |
|        | GET|HEAD  | posts/create       | posts.create  | App\Http\Controllers\PostsController@create  | web        |
|        | DELETE    | posts/{posts}      | posts.destroy | App\Http\Controllers\PostsController@destroy | web        |
|        | PUT|PATCH | posts/{posts}      | posts.update  | App\Http\Controllers\PostsController@update  | web        |
|        | GET|HEAD  | posts/{posts}      | posts.show    | App\Http\Controllers\PostsController@show    | web        |
|        | GET|HEAD  | posts/{posts}/edit | posts.edit    | App\Http\Controllers\PostsController@edit    | web        |
+--------+-----------+--------------------+---------------+----------------------------------------------+------------+

I assume that if I can disable this middleware, the problem will be solved. However, I also didn't see the tutor do the disable step in any of his projects, so I think he set it by default, so the middleware is always disabled in any project. Am I thinking the right way to fix this VerifyCsrfToken error? If so, how can I disable middleware and set that to be the default for other projects? I'm using Laravel 5.2.39 and NetBeans IDE.

This is the tutor's route:list

[image: tutor's route:list output]


Solution

  • Thankfully this is pretty straightforward.

    With jQuery and the Meta tag, you could make sure all of your forms always get the proper token:

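    // Add a hidden _token field to every form that does not already have one.
    var token = $('meta[name="csrf-token"]').attr('content');

    $('form').each(function (i, form) {
        var $form = $(form);

        if (! $form.find('input[name="_token"]').length) {
            // Prepend to this form only; $('form') here would touch every form on each pass.
            $form.prepend($('<input>', { type: 'hidden', name: '_token', value: token }));
        }
    });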
    

    Or you can do it manually 1 of 2 ways, both you can see below:

    <form method="post" action="/posts">
        <!-- pick one of these 2 -->
        {!! csrf_field() !!}
        <input type="hidden" name="_token" value="{{ csrf_token() }}"/>
    
        <input type="text" name="title" placeholder="Enter title">
        <input type="submit" name="submit">
    </form>
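
A simplified, framework-free model of the check behind this exception, added here as an illustration; it is not Laravel's source and not part of the original answer. The function names and the sample requests are constructed, and the script assumes PHP 7.1 or later.

```php
<?php
// Added example: simplified model of a per-session CSRF token check.
// Function names and the sample requests below are constructed.

// The token is generated once per session and kept server-side.
function new_session_token(): string
{
    return bin2hex(random_bytes(20));
}

// Returns true when the request may proceed, false for a token mismatch.
function csrf_allows(string $method, array $input, array $headers, string $sessionToken): bool
{
    // Read-only methods are not checked, so GET /posts/create always loads.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // State-changing requests must echo the token back, either as the
    // hidden _token field or as the X-CSRF-TOKEN header (used for AJAX).
    $submitted = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($sessionToken, $submitted);
}

$token = new_session_token();

// Constructed requests: the question's form, the fixed form, and a wrong token.
$cases = [
    'GET  /posts/create'               => ['GET',  [], []],
    'POST /posts (form from question)' => ['POST', ['title' => 'Hello', 'submit' => 'Submit'], []],
    'POST /posts with _token field'    => ['POST', ['title' => 'Hello', '_token' => $token], []],
    'POST /posts with header token'    => ['POST', ['title' => 'Hello'], ['X-CSRF-TOKEN' => $token]],
    'POST /posts with wrong token'     => ['POST', ['title' => 'Hello', '_token' => str_repeat('0', 40)], []],
];

foreach ($cases as $label => [$method, $input, $headers]) {
    $ok = csrf_allows($method, $input, $headers, $token);
    printf("%-36s %s\n", $label, $ok ? 'allowed' : 'rejected (token mismatch)');
}
```

The form from the question falls into the second case: it posts `title` and `submit` but no `_token`, which is why adding `csrf_field()` resolves the exception without touching the middleware.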