Laravel 5.6 post form doesn't work

Question

I have a page that contains different info about a list of objects, each row has a button to confirm the object in the current row.

If I try to submit the "confirm" button, Laravel shows a page with these words: "The page has expired due to inactivity. Please refresh and try again."

index view page:

<form action="{{url('confirm')}}" method="POST" enctype="multipart/form-data">
  <input type="hidden" value="idproof"  id="id"  name="id" >
  <input type="hidden" value="nameproof"  id="name"  name="name" >
  <input type="submit" class="btn" value="Confirm"/>
</form>

web.php

Route::get('confirm','Controller@showList');
Route::post('confirm', 'Controller@confirmObject');

controller method:

public function showList()
{
  $ob=Object::all();
  return view('object.index',compact('poiValidation',$ob));
}


public function confirm(ObjectRequest $request,Object $poiToSave)
{
   // just a proof
   return  $request;
}

Request is autogenerated by a Laravel command.

If i put the route in the api.php, it works. I can't figure out why it doesn't work in web.php

Thanks in advance!

Answer 1

You will need to send a cross site request forgery (CSRF) token in your form post. A quick way to do this in laravel 5.6 is the blade directive "@csrf".

<form action="{{url('confirm')}}" method="POST" enctype="multipart/form-data">
@csrf
<input type="hidden" value="idproof"  id="id"  name="id" >
<input type="hidden" value="nameproof"  id="name"  name="name" >
<input type="submit" class="btn" value="Confirm"/>
</form>

You can learn more about laravel and CSRF tokens here: https://laravel.com/docs/5.6/csrf

Answer 2

Try this one

<form action="{{url('confirm')}}" method="POST" enctype="multipart/form-data">
 {{ csrf_field() }}
            <input type="hidden" value="idproof"  id="id"  name="id" >
            <input type="hidden" value="nameproof"  id="name"  name="name" >
            <input type="submit" class="btn" value="Confirm"/>
                 </form>