Laravel 419 on post requests after upgrade from 5.4

Question

Did an upgrade from 5.4 to 5.7, after that every ajax post request is 419 with:

    {message: "", exception: "Symfony\Component\HttpKernel\Exception\HttpException",…}
exception: "Symfony\Component\HttpKernel\Exception\HttpException"
file: "pathto/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php"
line: 204
message: ""
trace: [{,…}, {file: "pathto/public_html/app/Exceptions/Handler.php", line: 47, function: "render",…},…]
0: {,…}
class: "Illuminate\Foundation\Exceptions\Handler"
file: "pathto/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php"
function: "prepareException"
line: 176
type: "->"

Followed the upgrade instructions which especially mentioned about Cookie Serialization:

protected static $serialize = true;

Cleared cache, checked the file permissions are ok. Went down to 5.6, then to 5.5 laravel versions but no help. Changed the cookie name, tried incognito. Tried to even bypass all:

protected $except = [
      "*"
    ];

But no change. What on earth could go wrong here?

Edit:

Ajax call:

                var $_token = $('#token').val();
                var url = '/delete';

                $.ajax({
                    headers: {'X-XSRF-TOKEN': $_token},
                    type: "POST",
                    url: url,
                    data: ({data: data}), // set up earlier
                    success: function (data) {

                    }
                });   

Controller:

public function delete(Request $request)
    {  
      $id = $request->input('data);
      Post::where('id', $id)->delete();
     }

Also tried with $('meta[name="csrf-token"]').attr('content')

This gave me:

payload is invalid

id token is taken from:

    <?php
    $encrypter = app('Illuminate\Encryption\Encrypter');
    $encrypted_token = $encrypter->encrypt(csrf_token());
    ?>
    <input id="token" type="hidden" value="{{$encrypted_token}}">

Answer 1

Old topic but I just got back to it now and figured it out.

Reason was that I was passing: XSRF-Token in older Laravel instead of CSRF-Token, the never versions don't seem to work with XSRF anymore. Switched to CSRF and that fixed it.

Answer 2

Hard to tell without your controller and the actual ajax call... but I've had similar problems with this 419 error. There were two causes for me:

1) Failed token verification. To check, add this to your ajax call:

$.ajaxSetup({
  headers: {
    'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
  }
});

Though... your having tried to except everything should have allowed this through (assuming you had that line in the right place).

EDIT: If you are passing your X-XSRF-TOKEN from JavaScript, decode it using decodeURIComponent()

2) It's possible that your controller is trying to render the view without all the information it needs. Any chance you need to send a variable through to the view in the ajax controller function and it is missing? I realize this worked before, but there were some big changes to 5.5 (including the way CSRF was handled as above).

3) Just a general error that I've had, but it might be possible that the data is not transferring in the same way as it did with 5.4. Just check to see if the way the data is coming in to the controller is not error-ing out. IE do a dump from the controller before it gets back to the view and see what your browser reports is transferring

Answer 3

just add

{{ csrf_field() }}

to your blade template

something like

<form method="POST" action="/projects">
  {{ csrf_field() }}
    <div class="form-group">

	    <label for="title">Title</label>

	    <input id="title" class="form-control" type="text" name="title" placeholder="Project Title" required  />

		</div>

    <div class="form-group">

        <button type="submit" class="btn btn-primary">

          Create Project

       </button>


     </div>
		
</form>