I am integrating payment gateway in Laravel 5.6 but
The problem is sometimes call back URL from gateway page expire due to inactivity and sometimes its work perfectly.
while I have added call back URL in App\Http\Middleware; to prevent checking CSRF token.
Please help me know what i am doing wrong?
into the app/Http/Middleware/VerifyCsrfToken.php
replace
protected $except = [
'add payment url'
];
from protected $except= [];
Related
I have been working with Laravel since version 5.X up to version 8.X but always use it for backend API (never used blade template), and always pair it with VueJS on the front-end using JWT authentication (also never messed with any other authentication method).
Now with Laravel 9 and Vue 3, Im trying to use native Laravel Jetstream that uses SANCTUM and Vue+Inertia JS, and I'm quite lost with the authentication process. with JWT method, once the user succesfully login on the browser, all api request to Laravel will be authenticated using Authoraziation header. but this seems a different case with Sanctum.
After deploying and installing Jetstream and completed all the set-up. I created a user and loggedin with that user details. and I notice few things, there is a default API route
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
when I tried to directly access my.domain/api/user I notice it was redirected to GET /login
then redirected again to GET /dashboard
I then created a test api route using below
Route::get('test', function( Request $req) {
dd( [
'test' => $req->all(),
'user' => auth()->user(),
'request' => $req
] );
});
and I notice this request is not authenticated even when the cookies is present on the request as Im when I'm alraedy logged-in on the same browser, the auth()->user() is null.
I tried adding auth:sanctum middleware
Route::middleware('auth:sanctum')->get('test', function( Request $req) {
dd( [
'test' => $req->all(),
'user' => auth()->user(),
'request' => $req
] );
});
but having sanctum middle behave the same as the api/user where if i open api/test directly on the browser, it gets redirected to GET /login then redirected again to GET /dashboard and I'm quite lost at this point. I tried reading the docs and it says I have to do a separate authentication for this that would issue an API token and I was thinking I might better be going back with using JWT auth as it seems a lot easier to deal with.
So my question is; How can I authenticate an API end-point without having to redirect it to /login then /dashboard if the user is already logged in on my application using default sanctum authentication.
My goal is just to simply create /api/test that will be automatically authenticated if user already loggedin on the same browser and return the data I set on its return value and not doing any redirects.
Appreciate any help
I have got the same issue with laravel8
Jetstream and inertia vue3.
Am looking for the solution since 3 days posting messages on discord, searching on YouTube and more but nothing.
When i make an api call from your SPA to laravel, i got UNAUTHENTICATED response.
on postman you need put
headers
Accept = application/json
this tells your application know how works with Json
and go stop redirect to "Login"
i recently developed a laravel application integrated with webmoney
webmoney use POST to callback data from gateway
i have added the specified route in $except array in VerifyCsrfToken middleware
but i cannot get the current user in that route and then i figured out user has been logged out
would you please help me fix this ?
For resolving this problem you need in config/session set SameSite to null or none
For avoiding security issue it's better to set secure to true
I have been some problems making webhooks of Stripe works with my application.
So after being able to create, update, delete, resume subscriptions, and create my endpoint to my domain:
www.domain.com
I always recieve 419 http code when a user interact with my application.
Why does it happen?
I write this in case helps someone:
My problem was I hadn't included a route for stripe in my web.php, like this:
Route::post(
'stripe/webhook',
'\Laravel\Cashier\Http\Controllers\WebhookController#handleWebhook'
);
and you can't forget to include stripe in your verifycsrftoken middleware, like this:
protected $except = [
'stripe/*',
];
and once you have done it, you have to configure your endpoint in stripe dashboard to call to the previous route:
www.domain.com/stripe/webhook
and include all the events you want to listen to.
To test it in local you can use stripe cli, that works perfectly:
https://stripe.com/docs/stripe-cli
Eloquent: API Resources
I am Trying to Crud a table using POSTMAN and laravel Api Resources. ]
Although using get method i can get all the data. When i use delete or post method, it returns an error of session expired.
Thanks in advance.Image Of POSTMAN
Image of routes
Sounds like you're missing the CRSF token, which would explain why HTTP GET's are working. One option to work around this is to disable the CSRF middleware when working in your development environment. Simplest solution is to open up app/Http/Middleware/VerifyCsrfToken.php and set:
protected $except = [
'*',
];
The * is a wildcard-like option that will disable CSRF verification for all routes. Obviously ideal solution would to be to disable it on a higher level only when working on local development, but the provided answer is a quick solution.
See the Laravel documentation on CSRF Excluding URI's
Sorry for the trouble. I found the problem,actually i was posting the routes in web.php instead of api.php . That was why i was getting the errors. Thankyou for the concern.
I am developing a card for Laravel nova.
As part of this, I want an API route that can be posted, but I don't want to have to authenticate against it.
I have registered my route in the card's api.php
Route::post('/endpoint/{id}', function (Request $request, $id) {)
This works if I call it with an already authenticated session.
But if I try to call it from postman I get
HTTP 419 Sorry, your session has expired. Please refresh and try again.
I can see that the card service provider is registering the route as so
Route::middleware(['nova'])
->prefix('nova-vendor/NovaPusherCard')
->group(__DIR__.'/../routes/api.php');
So I guess that Nova is putting some authenticated in front of the route.
Is there a way I can register the route without adding authentication?
ok so I worked it out.
I just needed to update the middleware to api instead of nova.