I have such a situation. I have a form in which I need to get an id, and then with this id make a request to the database.

Here is the html code:

<form action="/product/get" method="post"> <div style="margin-top: 15%;" class="input-group mb-3"> <div class="input-group-prepend col-xs-12"> <span style="color: white;" class="input-group-text bg-dark" id="basic-addon1">Введите Id: </span> </div> <input type="text" name="name" class="form-control" aria-describedby="basic-addon1"> </div> <input type="submit" class="btn btn-success container" value="Получить товар" > </form>

and this is a controller

 public function postId(Request $request){ $id = $request->input('name'); $product = Product::where('id', $id)->get(); return view('showProduct', ['product' => $product]); }

and this is the way:

 Route::post('/product/get','ProductController@postId' );

When I press the button, error 419 is displayed (Sorry, your session has expired.)

    2 answers 2

    This issue comes from checking the CSRF token, which fails. Thus, either you do not publish it, or you publish the wrong one.

    You can publish the CSRF token in your form by calling:

     <form action="/product/get" method="post"> {{ csrf_field() }} ... </form>

    or

     <form action="/product/get" method="post"> @csrf ... </form>

    or

     <form action="/product/get" method="post"> <input type="hidden" name="_token" value="{{ csrf_token() }}"> </form>

      Can you add a line to the mediator

       <?php namespace App\Http\Middleware; use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware; class VerifyCsrfToken extends Middleware { /** * The URIs that should be excluded from CSRF verification. * * @var array */ protected $except = [ '/product/get', ]; }

      But it is simple to disable the check from the CSRF on this route and there will be no error. He himself asked about this question.

      • this is bad practice! If security is not important, then it can be so) - Ilya Zelenko
      • I understand this, therefore, and I ask the question how to make csrf protection work as it was in version 5.6 - Sasha Hakerenko