Reputation: 1909
Angular2 and Laravel CSRF protection
I have already read some topics
And the problem I encountered is lies in this piece of code
<meta property="csrf-token" name="csrf-token" content="{{ csrf_token() }}">
I'm using Angular2 as core engine, which sending AJAX requests to Laravel API and I'm not using blade templates - just .html files, so I can't call php function csrf_token() from html file
So, I added a temporary solution by extending my /var/www/pandacrm/app/Http/Middleware/VerifyCsrfToken.php file
public function handle($request, Closure $next)
{
if ( ! $request->is('api/*'))
{
return parent::handle($request, $next);
}
return $next($request);
}
But it seems not the best way to work around, is there any other solutions to resolve this issue?
Upvotes: 1
Views: 1055
Answers (1)
Reputation: 8170
You can create a meta tag with csrf-token by using JavaScript in your html file!
How to do this:
Send an Ajax request to Laravel Route to get token. (return csrf-token in a Controller action) And then create a meta tag with that token in your html file.
But before doing this, you have to disable csrf protection on that specific route. There is a way to do this here for laravel5 and here for 5.3.
Now you have a meta tag with csrf that can be used for other ajax requests.
Upvotes: 3
Related Questions
- How to setup CSRF in JavaScript for laravel?
- Laravel 5 X-CSRF-TOKEN 500 (Internal Server Error) in Ajax
- Laravel csrf token mismatch for ajax GET Request
- CSRF token mismatch in Laravel / Angular app
- How to get through CSRF Protection with Ajax in Laravel 5.2
- Laravel CSRF protection with REST API
- Laravel 5.2 ajax CSRF
- CSRF Token Security
- Laravel - CSRF for custom ajax posts
- Using CSRF in Laravel