Exploit

Reputation: 6386

Submit posts data from external website into laravel

I have a website that, when the form is submitted, posts to an external site where Laravel is installed. I have a generic form on the website, and upon submission I keep getting the 419 error in Laravel. I've added the URL in VerifyCsrfToken and it still won't work.

/app/Http/Middleware/VerifyCsrfToken.php

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'https://pharaohmfg.com/collections/*'
    ];
}

web.php

Route::get('/', 'PostController@index')->name('home.index');
Route::post('callback', 'PostController@callback')->name('callback.post');

PostController.php

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;

class PostController extends Controller
{
    public function index(Request $request)
    {
        return redirect()->away('http://pharaohmfg.com');
    }

    public function callback(Request $request)
    {
        return $request->all();
    }
}

What am I doing wrong? The website is https://pharaohmfg.com/collections/billiard-pool-tables/products/siamun-pool-table

Upvotes: 1

Views: 1268

Answers (2)

J. A. Streich

Reputation: 1712

You have a few options that are better than your current self-answer.

Fix Your $except

First, your $except should be the route the form posts to, not the URL the form is on. This has the benefit of having whatever else is in the Laravel app be protected by CSRF tokens. Your current solution turns all of them off for everything. This is not ideal, but it will accomplish what you are looking to do.

iframe Your Form

Make the form an iframe so you can have a legit CSRF token in the first place. This is what Facebook and Twitter often do (or did the last time I looked) for their social media buttons (like, share, retweet).

Ajax

Setting up CORS headers, you can write some fancy JS to fetch the CSRF token from another route, while keeping the form on the external site. The upside is that you could also submit the form using Ajax, making the existence of the external server obvious. This, like the iframe solution, would allow everything to be served with proper CSRF tokens.

Upvotes: 4
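The first option above ("Fix Your $except"), written out as an added example; this is not the answerer's or the asker's code. It assumes a Laravel 5.5+ app with the default VerifyCsrfToken middleware still enabled in the web group and the route registered as Route::post('callback', ...). The validation field names (name, email, note) are hypothetical placeholders for whatever the external form actually sends.

```php
<?php
// file: app/Http/Middleware/VerifyCsrfToken.php
// Only the route the external form posts to is excluded from CSRF
// verification; every other POST/PUT/PATCH/DELETE route keeps its check.
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * Patterns are matched against the path of the request arriving at THIS
     * application (the action the external form posts to), not against the
     * page on which the form lives. Keep the pattern as narrow as possible;
     * a trailing '*' wildcard widens the exclusion to everything beneath it.
     *
     * @var array
     */
    protected $except = [
        'callback',
    ];
}

// file: app/Http/Controllers/PostController.php
// Once 'callback' is excluded from CSRF checks, any site can POST to it,
// so the input is untrusted: validate the fields instead of echoing
// $request->all() back to the caller.
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class PostController extends Controller
{
    public function callback(Request $request)
    {
        // Hypothetical field names; adjust to the real form.
        $data = $request->validate([
            'name'  => 'required|string|max:100',
            'email' => 'required|email|max:254',
            'note'  => 'nullable|string|max:2000',
        ]);

        // Return only what was accepted, never the raw request payload.
        return response()->json(['received' => array_keys($data)]);
    }
}
```

The two classes are shown in one block for readability; in the project each goes in the file named in its comment. The point of the narrow $except entry is that a 419 on the external form is fixed without removing VerifyCsrfToken from the web middleware group, which would leave every other form in the app open to cross-site request forgery.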

Exploit

Reputation: 6386

I figured it out.

In app/Http/Kernel.php I commented out the VerifyCsrfToken class from being loaded.

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            //\App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

Upvotes: 0
