1

I have this method in 'Flight' controller :

    /**
 * Store a newly created resource in storage.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function store(Request $request)
{
    $arrivalDateTime = $request -> input('arrival.datetime');

    return $arrivalDateTime;
}

and the route:

Route::resource('api/v1/flights', v1\FlightController::class, ['except' => ['create', 'edit']]);

I tried to make POST request using HttpRequester to this address:

http://localhost:8000/api/v1/flights

With this content:

{
"flightNumber":"JWM12345",
"status":"ontime",
"arrival": {
    "datetime":"2016-04-10 22:34:01",
    "iataCode":"A57"
},
"departure": {
    "datetime":"2016-04-10 21:34:01",
    "iataCode":"9C1"
}}

I set the Content Type to 'application/json', then I submit the request and got this error:

TokenMismatchException in VerifyCsrfToken.php line 67:

in VerifyCsrfToken.php line 67
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartSession.php line 64
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Router.php line 726
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 699
at Router->dispatchToRoute(object(Request)) in Router.php line 675
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 136
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 54
at require_once('/home/dendi/Documents/GitProjects/airview/public/index.php') in server.php line 21

What I suppose to do to make my request succeed?

Drizzer Silverberg
  • 193
  • 1
  • 1
  • 7

4 Answers4

1

Really easy fix - just add this line:

{{ csrf_field() }}

inside your form. It will create a hidden field that is used for CSRF protection and the error will go away.

matthewpark319
  • 1,214
  • 1
  • 14
  • 16
1

_token is required in POST, PUT, DELETE Method. if you are using web middleware by default.

to obtain token you can create a route which uses csrf_token() function to get token and returns it. make a request to that route to get token which will be like n2s68OPSzaMVYyiFvvDhlRwvFF55zDwKaQPjX8AS and put it in request body like 

 {
   "_token":"n2s68OPSzaMVYyiFvvDhlRwvFF55zDwKaQPjX8AS",
   ...
 }

and make requests.

OR

If you don't want to use csrf vaildation on some routes create an new VerifyCsrfToken Class like this in what ever namespace I used this namespace App\Http\Middleware

Now add the routes that you want not be verified by csrf token in $except array.

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier {

     protected $except = [
        'api/v1/flights'
    ];

 }

now Replace this in kernel.php

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken', // <-- this
 ]

with this

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'App\Http\Middleware\VerifyCsrfToken', // <-- this
 ]

hope this helps :)

Shahzaib Sheikh
  • 647
  • 1
  • 9
  • 21
0

I think you should upgrade to Laravel 5.4, in 5.4 there is a different file named api.php in route folder, there you can write your api routes, which can be accessed by "api/ruote_name".

Cheers.

Kirsten Phukon
  • 314
  • 3
  • 17
  • thanks, maybe it will work if upgrade to 5.4. But I have a problem following laravel update, and still comfort in 5.2. – Drizzer Silverberg Apr 05 '17 at 18:50
  • You can try one thing- you send the data in request body as raw json format, then your problem will be solved i hope. Normally if Content-type is application/json and you are sending data in form body then token mismatch occur. You can just set the Content-Type to application/json and data in body as raw json. – Kirsten Phukon Apr 06 '17 at 09:07
0

In regards to what a CSRF token is I think you should read this excellent answer. Laravel validates these requests with middleware called VerifyCsrfToken.

If you want to disable this in Laravel 5.2, open App/Http/Kernel.php

protected $middleware = [
        'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
        'Illuminate\Cookie\Middleware\EncryptCookies',
        'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
        'Illuminate\Session\Middleware\StartSession',
        'Illuminate\View\Middleware\ShareErrorsFromSession',
        'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
]

and remove the 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken' from your middleware array.

Community
  • 1
  • 1
Daniel
  • 10,641
  • 12
  • 47
  • 85