Added all ajax requests to exceptions, but still throws an error. How to find the problem area of ​​the code from the log is not clear

exception 'Illuminate\Session\TokenMismatchException' in /var/www/site/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:53 Stack trace: #0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure)) #1 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array) #2 /var/www/site/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #3 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure)) #4 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array) #5 /var/www/site/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #6 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure)) #7 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array) #8 /var/www/site/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #9 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure)) #10 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array) #11 /var/www/site/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #12 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure)) #13 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array) #14 /var/www/site/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(42): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #15 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure)) #16 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array) #17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #18 /var/www/site/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #19 /var/www/site/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(122): Illuminate\Pipeline\Pipeline->then(Object(Closure)) #20 /var/www/site/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(87): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request)) #21 /var/www/site/public/index.php(54): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request)) #22 {main}
  • problem only with ajax? - xAoc
  • But there are similar errors not only with ajax? Well, I honestly don’t know, I need to find a route that causes a similar error in the trace where it can not be found? - Anton Veselov
  • Is the session being created? - xAoc
  • How to define it? - Anton Veselov

1 answer 1

on the page from which you are sending ajax, try adding to head:

 <meta name="csrf-token" content="{{ csrf_token() }}"/>

and add to js:

 $(function () { $.ajaxSetup({ headers: { 'X-CSRF-TOKEN': $('meta[name="_token"]').attr('content') } }); });

if you submit a form using ajax, add to the form body

 <input type="hidden" name="_token" value="{{ csrf_token() }}">

and add to the data you need to specify the token, for example

 formData['_token'] = $('input[name="_token"]').val(); formData['username'] = $('input[name="username"]').val(); formData['password'] = $('input[name="password"]').val(); $.ajax({ type: "POST", url: '/url', data: formData, dataType: "json", ...

if you need to completely disable it, open the file app / Http / Kernel.php and comment out the line, but this is not the best idea

 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken'

hopefully help

  • So the question is not quite about that, but to find out what script causes this error and under what conditions, but most likely you will have to send the token everywhereAnton Veselov
  • Anton, I corrected the answer. - esperant
  • Well, completely killing is not kosher little attacks will really be - Anton Veselov