2

I have a laravel project which I have deployed on heroku. It opens when I submit the form it initially says " The information you’re about to submit is not secure " and if i still submit it, is says "419 page expired"

I tried a lot of solutions my form sample is

<!DOCTYPE html>
<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="csrf-token" content="{{ csrf_token() }}">
    <title>Upload File</title>
    
</head>
<body>

    <!-- store route as action -->
    <div class="container">
            <div class="row">
                <div class="col-12">

                <br><br><br>
    <form action="{{route('video')}}" method="post" enctype="multipart/form-data">
        @csrf
        {{ csrf_field() }}
        <input type="file" class="form-control" name="videothing" id="videotitle" accept=" video/*">
        <input type="submit" class="btn btn-sm btn-block btn-danger" value="Upload" onclick="spinner()">
    </form>
    
        
    @if (session('message'))
    <h1 id="v">{{ session('message') }}</h1>
@endif

Laravel 419 Page Expired on production server. [ framework : Laravel | version : 7.5.2 ] Laravel 6 Showed 419 | page expired

I followed these links and when I commented the

\App\Http\Middleware\VerifyCsrfToken::class,

in kernel.php, the error stops but on submitting the form it does not redirect to route rather just reloads the page, I am sure it is CSRF issue but can't resolve it

In my VerifyCsrfToken.php, I did included

 protected $except = [
        //
        'https://laraveluploading.herokuapp.com/',
        'https://laraveluploading.herokuapp.com/video',
    ];

my session.php is

<?php

use Illuminate\Support\Str;

return [

   

    'driver' => env('SESSION_DRIVER', 'file'),

    'lifetime' => env('SESSION_LIFETIME', 120),

    'expire_on_close' => false,

   
    'encrypt' => false,

   
    'files' => storage_path('framework/sessions'),

    
    'connection' => env('SESSION_CONNECTION', 'mysql'),

    
    'table' => 'sessions','books','videos',


    'store' => env('SESSION_STORE', null),

    'lottery' => [2, 100],

   

    'cookie' => env(
        'SESSION_COOKIE',
        Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
    ),

    

    'path' => '/',

    'domain' => env('SESSION_DOMAIN', 'https://laraveluploading.herokuapp.com'),

    

    'secure' => env('SESSION_SECURE_COOKIE',false),

    'http_only' => true,

    'same_site' => 'lax',

];

my web.php has

<?php

use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\DB;
use Illuminate\Http\Request;
use App\Exceptions\Handler;
use Symfony\Component\Debug\Exception\FatalThrowableError;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

Route::get('/', function () {
    
    return view('welcome');
})->name("start");


Route::post('/upload', function (Request $request) {
   try{
    if($request->file("thing")=="")
    {
        // return back()->withInput();
        return redirect()->route('start')->with('message', 'Insert Data!');
    }
    else
    {
        $name=$request->file("thing")->getClientOriginalName();
        $book=DB::table('books')->where('Title',$name)->count();
        if($book>0)
        {
        return redirect()->route('start')->with('message', 'Document already exists!');

        }
        else{
            $lang=$request->input("lang");
            $cato=$request->input("catogory");
            Storage::disk("google")->putFileAs("",$request->file("thing"),$name);
            $url=Storage::disk('google')->url($name);
            $details=Storage::disk("google")->getMetadata($name);
            $path=$details['path'];
            DB::insert('insert into books (Title, Catogory, Language, Url, FileId) values (?,?,?,?,?)', [$name,$cato,$lang,$url,$path]);
            return redirect()->route('start')->with('message', 'Successfully uploaded document, you have recieved token!');
        }
    }
}
catch(Throwable $e)
{
    return redirect()->route('start')->with('message', 'some error occured');
}
    
})->name("upload");

Route::get('/video', function(){
    return view('showvideo');
})->name("startvideo");

Route::post('/video', function (Request $request) {
    try{
     if($request->file("videothing")=="")
     {
         // return back()->withInput();
         return redirect()->route('startvideo')->with('message', 'Insert video!');
     }
     else
     {
         $videoname=$request->file("videothing")->getClientOriginalName();
         $video=DB::table('videos')->where('video_name',$videoname)->count();
         if($video>0)
         {
         return redirect()->route('startvideo')->with('message', 'Video name already exists!');
 
         }
         else{
            //  $lang=$request->input("lang");
            //  $cato=$request->input("catogory");
             Storage::disk("google")->putFileAs("",$request->file("videothing"),$videoname);
             $videourl=Storage::disk('google')->url($videoname);
            //  $videodetails=Storage::disk("google")->getMetadata($videoname);
            //  $path=$details['path'];
             DB::insert('insert into videos (video_name, video_url) values (?,?)', [$videoname,$videourl]);
             return redirect()->route('startvideo')->with('message', 'Successfully uploaded video');
         }
     }
 }
 catch(Throwable $e)
 {
     return redirect()->route('startvideo')->with('message', 'Some error occured in video uploading');
 }
     
 })->name("video");

in my application config var on heroku i have added the database credendtials (which is on azure) and also the google client id, secret key, refresh token required for connection with google drive.

I did tried my other solutions from different links but of no use. Please help me resolve the issue.

Twinkle
  • 59
  • 1
  • 5
  • `php artisan optimize:clear` – STA Aug 01 '21 at 09:48
  • I tried this but still same – Twinkle Aug 01 '21 at 09:56
  • Can it be the reason of connecting database?? I did all the database credentials in .env and database.php. Also I have a file upload system which submits the files to google drive. Its details are also in .env file and also on the heroku dashboard in the settings config app vars their i have included all the detail in key and value pair – Twinkle Aug 01 '21 at 09:57
  • both `@csrf` and `{{ csrf_field() }}` are same thing. why do you have them twice? – Sumit Wadhwa Aug 01 '21 at 10:50
  • I just added them because i read somewhere – Twinkle Aug 01 '21 at 10:54
  • Can anyone just please tell me one thing that if I have a database connection then is there a 100% need of making files of tables in migration – Twinkle Aug 01 '21 at 10:55
  • 1
    @Twinkle And... did you achieve to solve the issue? – Jesús Hagiwara Mar 06 '22 at 00:48

1 Answers1

0

I have the same issue and just solved the problem. Please try this

in AppServiceProvider.php

public function boot() {
    if(config('app.env') === 'production') {
        URL::forceScheme('https');
    }
}

Hopefully this can help you out.

Janzen Faidiban
  • 1