I am just starting out so please forgive me. I have a solid grasp on CodeIgniter, so I understand what is going on. However, I am noticing that my CSRF token is empty when I am creating a form. I am working through the laracasts videos to get a gasp on Laravel workflow.
myfile.blade.php
{!! Form::open((array('action' => 'MyController#method'))) !!}
...
{{!! Form::close() !!}}
Here is what I am getting when I view the source:
<form method="POST" action="http://mysite.dev/route" accept-charset="UTF-8">
<input name="_token" type="hidden">
</form>
I've looked through the config directory, but see nothing on having to enable csrf. Is there an additional setting somewhere I need to update?
Thank you for your suggestions.
EDIT
Even this gives me an empty hidden input field:
{{ Form::token() }} // <input name="_token" type="hidden">
EDIT
Here is what my controller looks like:
//use Illuminate\Http\Request;
use Request;
use App\Article;
use App\Http\Requests;
use App\Http\Controllers\Controller;
public function store(Request $request)
{
$input = Request::all();
return $input;
}
So my updated form tag looks like this:
{!! Form::open((array('action' => 'ArticleController#store'))) !!}
...
When I submit, I can see the json response - the token is obviously empty.
{"_token":"","title":"test","body":"test"}
The Laravel Fundamental series is for Laravel 5.0 so you have a few options. You can install Laravel 5.0 to continue with that series. In order to install L5.0, you need to run this command:
composer create-project laravel/laravel {directory} "~5.0.0" --prefer-dist
If you want to use Laravel 5.2 though (which I would recommend and Jeffrey Way will most likely release a series on this soon), there are several extra things to take into consideration.
First, put all your routes inside a "web" middleware group like this:
Route::group(['middleware' => ['web']], function () {
// Put your routes inside here
});
In the past, there were several middlewares that ran on every request by default. In 5.2, this is no longer the case. For example, the token is stored in the session, but in 5.2, things like the "StartSession" middleware are not automatically applied. As a result, the "web" middleware need to be applied to your routes. The reason for this change in 5.2:
Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a web group, and perhaps the rate limiter in the api group.
Also, in the Laravel Fundamental series, Jeffrey pulls in the "illuminate/html" package, but now, most people use the laravel collective package. They handle a lot of the Laravel packages that are taken out of the core. As a result, I would remove the "illuminate/html" package. In your composer.json file, remove "illuminate/html: 5.0" (or whatever is in the require section). Also, remove the corresponding service provider and form facades that you added to your config/app.php file.
To install the laravel collective version, add this in your composer.json file instead: "laravelcollective/html": "5.2.*-dev". Then, run composer update. Once that's done, in your config/app.php file, add this to your providers array:
Collective\Html\HtmlServiceProvider::class,
and add this to your aliases array:
'Form' => Collective\Html\FormFacade::class,
'Html' => Collective\Html\HtmlFacade::class,
I hope I'm not missing anything else.
This is a config issue .You need to set the app key in your config file ...config/app.php to a 32 character string or use artisan cli php artisan key:generate to genearte the key for you to be able to use the CSRF token .
Also make sure that you include routes that use the CSRF token in the web group route .
You may exclude URIs by defining their routes outside of the web middleware group that is included in the default routes.php file, or by adding the URIs to the $except property of the VerifyCsrfToken middleware: http://laravel.com/docs/5.2/routing#csrf-protection
If you have a login page and you want to clear out the session using:
Session::flush();
Don't forget that this also cleans out the csrf token before it can be put in the view
It should be
{!! Form::open((array('action' => 'MyController#method'))) !!}
...
{!! Form::close() !!}
I have solved the issue of HtmlService provider actually 5.2 version removed Illuminate and add collective follow the step to solve the issue:
composer require laravelcollective/html
composer update
add in config/app.php
'providers' => ['Collective\Html\HtmlServiceProvider'],
'aliases' => [
'Form' => 'Collective\Html\FormFacade',
'Html' => 'Collective\Html\HtmlFacade',
],
Then you are able to use that form.
Related
Good day, I'm having trouble on sending post data to my Laravel project, It always shows Page Expired (419) on this,
Error 419 on POST
Here's the things I have done before coming up to my question:
Added SESSION_SECURE_COOKIE=FALSE on .env
Changed the config/session.php from 'secure' => env('SESSION_SECURE_COOKIE'), to 'secure' => env('SESSION_SECURE_COOKIE', false),
Added ob_start(); at the beginning of public/index.php like this <?php ob_start(); use Illuminate\Contracts\Http\Kernel; use Illuminate\Http\Request;
This is my route
Route::post('/data', [AdminController::class, 'getSensorData']);
Also in I'm sending the data to the database from the post request using the controller.
The request works fine when the method is GET.
200ok on GET
Edit: It's working now, the fix was from #Ahmed Hassan. Thank you.
this issue occur because you didn't send the CSRF token with the request
just add #csrf inside your form and it will work
also, you can exclude your URL in the $except list in the App\Http\Middleware\VerifyCsrfToken
I hope it's helpful
I created an api which is delivered with package development composer. in Laravel 7 it was possible to add the route model binding with:
Route::group(['namespace' => 'Acme\Package\app\Http\Controllers\Api'], function () {
// fomer possibility:
Route::apiResource('api/comments/', 'CommentController')->middleware('bindings');});
In Laravel 8 that's not possible anymore. I've tried almost everything the last days, but either the route-model-binding is not working, or the class can't be found:
Target class [bindings] does not exist.
I really hope someone can post an answer to the problem, or a hint or anything useful.
many thanks in advance
EDIT:
Thanks for the answers, including the middleware in the Route::group like mentioned:
Route::group(['namespace' => 'Acme\Package\app\Http\Controllers\Api', 'middleware' => 'Illuminate\Routing\Middleware\SubstituteBindings']
did it.
In Laravel 8 the alias for this middleware has been removed. You can either use it by its full class name
Illuminate\Routing\Middleware\SubstituteBindings
or add the alias back in to your app/Http/Kernels.php in $routeMiddleware as follows:
protected $routeMiddleware = [
'auth' => Authenticate::class,
'bindings' => Illuminate\Routing\Middleware\SubstituteBindings,
/*...*/
You have to be careful if you are relying on values in someones application to exist. I could use a different name/alias for that middleware if I wanted to in my HTTP Kernel. You should be using the FQCN for that middleware that comes from the framework when referencing it like that.
In a default Laravel 8 install there is no middleware named/aliased as 'bindings'. It is referenced by its FQCN, Illuminate\Routing\Middleware\SubstituteBindings, which is how you should probably be referencing it from a package.
You can provide a config file for someone to alter these things if you would like. Then you can use your configuration to know which middleware to reference.
How could I change laravel sanctum csrf cookie route to /api/sanctum/csrf-cookie ?
I tried adding this to api.php routes:
use Laravel\Sanctum\Http\Controllers\CsrfCookieController;
Route::get('/sanctum/csrf-cookie', CsrfCookieController::class . '#show')->middleware('web');
But it looks for this controller under app/http/controllers where it doesn't exist.
So if anyone wondering, there should be prefix within config file that is default set to 'sanctum' within a package service provider.
So if you want to change it to API routes you should go to config/sanctum.php and add 'prefix' => 'api'.
you can create a controller CsrfController and make it extends
(Laravel\Sanctum\Http\Controllers\CsrfCookieController)
use Laravel\Sanctum\Http\Controllers\CsrfCookieController
class CsrfController extends CsrfCookieController {}
and then you can link your route
Route::get('/sanctum/csrf-cookie', 'CsrfController#show')->middleware('web');
another flexible solution is to set
'routes' => false
in config/sanctum.php ,then define a new route in routes\api.php
use Laravel\Sanctum\Http\Controllers\CsrfCookieController;
Route::get('/csrf', [CsrfCookieController::class, 'get'])->name('csrf');
like so, you can choose the proper route to suit your needs
I'm all set up with Passport in 5.5 and have the auto generated Auth\ForgotPasswordController and Auth\ResetPasswordController controllers.
However whereas /oauth/token was provided magically for me, there don't appear to be such routes for password reset when using the API.
What should my API routes look like?
Currently I've experimented with
Route::group(['prefix' => 'password'], function () {
Route::post('/email', 'Auth\ForgotPasswordController#sendResetLinkEmail');
Route::post('/reset', 'Auth\ResetPasswordController#reset');
});
but I found these in the vendor files when looking at the traits and aren't sure if this is the correct way.
The /password/email route also fails with "message": "Route [password.reset] not defined."
since you don't see any route other then 2 custom, therefore i am assumin you havn't run artisan auth command. First run that. it will add lot of routes in ur project.
Then set api driver to passport.
I just upgraded from Laravel 5.2 to 5.3. I am using Laravel-DataTables package for several tables in my application.
After upgrade when I run artisan serve I'm receiving:
[BadMethodCallException]
Method controller does not exist.
I've tracked the issue down to this piece of code in my routes.php (now web.php)
Route::controller('datatables', 'ProfileController', [
'anyOrders' => 'datatables.dataOrders',
'anyProperties' => 'datatables.dataProperties',
]);
This is the suggested way to route the queries for DataTables Documentation.
Was the Route::controller() deprecated, and what is the alternative to for these routes?
The explicit routes will be:
Route::get('/datatables/orders', array('middleware' => 'auth', 'uses' => 'ProfileController#anyOrders'))->name('datatables.dataOrders');
Route::get('/datatables/properties', array('middleware' => 'auth', 'uses' => 'ProfileController#anyProperties'))->name('datatables.dataProperties');
I had the same issue as you, and none of the alternatives (explicit declaration or publishing) was good enough. There were also some alternatives which required changing too much code.
This is why I wrote a class called AdvancedRoute, which serves as a drop in replacement.
It can be used by simply replacing Route::controller with AdvancedRoute::controller like this:
AdvancedRoute::controller('users','UserController');
Full information how to install and use find at the GitHub repo at:
https://github.com/lesichkovm/laravel-advanced-route
Hope you find this useful.
https://laravel.com/docs/5.3/upgrade#upgrade-5.3.0
The following features are deprecated in 5.2 and will be removed in the 5.3 release in June 2016:
Implicit controller routes using Route::controller have been deprecated. Please use explicit route registration in your routes file. This will likely be extracted into a package.
You can use resource().
Route::resource('users','UserController');
Note: the "get" prefix is not needed. getIndex() = index()