
Comments (4)

bpocallaghan avatar bpocallaghan commented on June 22, 2024

Hi @cagcak
Yes - I've added the 'your session expired' for TokenMismatchException.

It should throw the error on local environment, think also when you have multiple form pages open.

I still want to add it so that when it fails - it generates a new one so the user does not have to refresh and can just submit again with new token. Everything in due time :)

But please let me know if it happens 'randomly' for you. I did some big-ish updates a few weeks ago and did not have much time to do any upgrades lately - might've broken a few things.

Thanks for looking so deep into it - always helps to get more eyes and opinions on it. :)

Hope this helps...

from laravel-admin-starter.

bpocallaghan avatar bpocallaghan commented on June 22, 2024

@cagcak
Forgot to mention - In the Admin / Resource Controllers - On the index method I save the url to the session and then on store/edit I redirect to that url saved in session. This can be an issue if you have multiple pages open - it will redirect to the recently opened url.

Save url

Redirect

It might be an issue if you want to open multiple pages - due to it only being in the admin I figured it's okay - does make 'changing' url easier (don't have to update the redirect url).

But yeah - probably personal preference..., unless you can see a major flaw in it?

from laravel-admin-starter.

cagcak avatar cagcak commented on June 22, 2024

Hello again @bpocallaghan .
That makes perfect sense. I don't leave multiple pages open while artisan serving generally.
CSRF token in middleware is needed for protection. But I think it must be activated only in production. That is my opinion, so I might be wrong :) . You know the best.
Anyway I have changed the APP_ENV to production to use the same token in my localhost. But you might consider modifying App\Http\Middleware\VerifyCsrfToken for local and development modes as follows:

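public function handle($request, \Closure $next)
{
    // Skip CSRF verification entirely in the local and dev environments.
    // env() may return null once the configuration is cached, so ask the application instead.
    if (app()->environment('local', 'dev')) {
        return $next($request);
    }

    // Every other environment gets the framework's normal token check.
    return parent::handle($request, $next);
}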

I'm not good enough to contribute at backend development but if I encounter an issue in the frontend I'll try to fix it.

Best regards

from laravel-admin-starter.

bpocallaghan avatar bpocallaghan commented on June 22, 2024

Hi @cagcak
I do agree with you - makes total sense.
Just to add - only personal preference really.
On the one side - you disable CSRF on local - which is 100%.
Just a note - might be nice to see the CSRF on a form / ajax that you 'forgot' to add the CSRF field, but again - why would this happen if you've set up ajax correctly + forms - just thought I'd share.

Luckily - like most cases in Laravel, it only takes a few lines to make it work for you :)

Thanks - Happy coding...

from laravel-admin-starter.
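
An added example (not part of the thread and not the project's or Laravel's code) that models the check discussed above in plain PHP: a stale token after a session restart takes the 'session expired' path and gets a fresh token, and the local/dev bypass lets a form without the CSRF field through unnoticed. The function names, the `$bypassInDev` switch and all values are assumptions made for illustration.

```php
<?php
// Added example, not Laravel's or the project's code. Plain-PHP model of a
// synchronizer-token check; every name and token value here is constructed.

final class TokenMismatch extends RuntimeException {}

function newToken(): string
{
    return bin2hex(random_bytes(20));
}

// Model of the middleware: $bypassInDev switches on the env shortcut proposed in the thread.
function verifyCsrf(array $session, array $request, string $appEnv, bool $bypassInDev): void
{
    if ($bypassInDev && in_array($appEnv, ['local', 'dev'], true)) {
        return; // no check at all in these environments
    }
    if (in_array($request['method'], ['GET', 'HEAD', 'OPTIONS'], true)) {
        return; // read-only verbs carry no token
    }
    $sent = $request['_token'] ?? '';
    $expected = $session['_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        throw new TokenMismatch('Your session expired, please submit again.');
    }
}

// Returns what the user would see; on mismatch the session gets a fresh token to resubmit with.
function submit(array &$session, array $request, string $appEnv, bool $bypassInDev): string
{
    try {
        verifyCsrf($session, $request, $appEnv, $bypassInDev);
        return 'saved';
    } catch (TokenMismatch $e) {
        $session['_token'] = newToken();
        return $e->getMessage() . ' (new token issued)';
    }
}

$session = ['_token' => newToken()];
$form = ['method' => 'POST', '_token' => $session['_token']]; // form rendered with the current token
echo submit($session, $form, 'production', false), "\n";      // token still matches the session

$session = ['_token' => newToken()];                          // session expired and was restarted
echo submit($session, $form, 'production', false), "\n";      // the open form now holds a stale token

$noField = ['method' => 'POST'];                              // form that forgot the CSRF field
echo submit($session, $noField, 'local', true), "\n";         // bypass on in the local environment
echo submit($session, $noField, 'local', false), "\n";        // same request with the check left on
```

Comparing the last two calls shows the trade-off raised in the thread: with the bypass on, the missing field only surfaces once the code runs in an environment where the check is active.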
