CODEWITHSUNDEEP
laravellaragon
beginner
beginner

Reputation: 2032

Laravel Forbidden Access when using Ajax

I installed a fresh Laravel App with authentication. I am using laragon. The login, registration, reset password pages are working fine. I created a profile controller for the user to edit profile. However, when submitting the form through Ajax, it gives me a Forbidden - You don't have permission to access / / /profile/edit_profile on this server.. 

         class ProfileController extends Controller
            {
                //

                function index()
                {
                    return view('profile.index');
                }

                function edit_profile(Request $request)
                {
                    $txt_midname = $request->input('txt_midname');
                    $txt_firstname = $request->input('txt_firstname');
                    $txt_lastname = $request->input('txt_lastname');
                    $extname = $request->input('extname');
                    $user = Auth::user();
                    $user->firstname = $txt_firstname;
                    $user->midname = $txt_midname;
                    $user->lastname = $txt_lastname;
                    if ($user->save()) {
                        return 'ok';
                    }
                }

            }

Here is also the route:

Route::post('/profile/edit_profile', 'ProfileController@edit_profile')->name('edit_profile');

and the view:

            $('#btn_update').on('click', function() {
                var btn_text = $('#btn_update').text();
                var txt_firstname = $.trim($('#txt_firstname').val());
                var txt_midname = $.trim($('#txt_midname').val());
                var txt_lastname = $.trim($('#txt_lastname').val());
                var extname = $.trim($('#extname').val());

                $.post(baseUrl + '/profile/edit_profile', {
                    '_token': token,
                    'txt_midname': txt_midname,
                    'txt_firstname': txt_firstname,
                    'txt_lastname': txt_lastname,
                    'extname': extname
                }, function(data) {
                    if (data == 'ok') {
                        window.location.reload();
                    }
                })
            })

enter image description here

Upvotes: 0

Views: 210

Answers (2)

beginner
beginner

Reputation: 2032

It was my mistake. The problem is with my baseUrl in javascript. It should be var baseUrl = "{{url('')}}";instead of var baseUrl = '{{url('')}}';

Upvotes: 0

Potato Science
Potato Science

Reputation: 602

You need to inject the csrf token to your request.

$.post({
  headers: {
    'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
  },
  url: '/admin/gallery/create/ajax',
  data: {}, 
  method: 'POST',
  success: function(response) {
  },
  error: function(error) {
  }
})

or if you want every ajax request inject the csrf token you can do this as well.

$.ajaxSetup({
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
  }
});

Upvotes: 1

Related Questions