CODEWITHSUNDEEP
laravel-5
Blu Crew
Blu Crew

Reputation: 25

laravel 5.4 csrf token mismatch

Laravel Framework 5.4.17

PHP 7.1.3-3+deb.sury.org~yakkety+1 (cli) (built: Mar 25 2017 14:01:32) ( NTS )Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies with Zend OPcache v7.1.3-3+deb.sury.org~yakkety+1, Copyright (c) 1999-2017,

by Zend Technologies

mysql  Ver 14.14 Distrib 5.7.17, for Linux (x86_64) using  EditLine wrapper

Description:

My logs are filling up constantly with:

Illuminate\Session\TokenMismatchException in /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:68

Steps To Reproduce:

Additional Notes:

From Session.php

'encrypt' => true,
'http_only' => true,

From .env

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_SECURE_COOKIE=true
QUEUE_DRIVER=sync

My site is running latest NGINX and is using HTTPS with SSL Cert from lets encrypt. I followed this guide. https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

So my site is only accessible from HTTPS. In my browser I can see the cookies are being sent to me. Imgur

Im at a loss of why this is happening.

UPDATE: So I added the token tag to every forum I have and still logs loading with token mismatch error. I went through all my view and added so they look like so...

<!-- Add comment -->
<div class="col-md-12">
  {!! Form::open(array('route' => array('comment_torrent', 'slug' => $torrent->slug, 'id' => $torrent->id))) !!}
  {{ csrf_field() }}
  <div class="form-group">
    <label for="content">Your comment:</label><span class="badge-extra">Type <strong>colon :</strong> for emoji</span>
    <textarea name="content" cols="30" rows="5" class="form-control"></textarea>
  </div>
  <button type="submit" class="btn btn-danger">{!! trans('traduction.save') !!}</button><label class="checkbox-inline"><input type="checkbox" name="confirmation"><strong>Anonymous Comment</strong></label>
  {!! Form::close() !!}
</div>
<!-- /Add comment -->

Upvotes: 1

Views: 4481

Answers (1)

Adarsh Sojitra
Adarsh Sojitra

Reputation: 2199

You get this error when you don't pass CSRF token with your form. You can just add {{ csrf_field() }} in your forms and it will start working. For example:

<form method="POST" action="#>
    {{ csrf_field() }}
    // Your Fields here
</form>

Hope that helps! I am sure your error will be removed after adding {{ csrf_field() }} to your forms. It's in-built security feature from Laravel.

Upvotes: 2

Related Questions