skip to Main Content

I have a project with Laravel Inertia and Vue Js. These day i have a problem with csrf token. I have already read the documentation here https://inertiajs.com/csrf-protection, so maybe i should add csrf token on every inertia request/response.

My question is, how to add this _token globally? So i dont need to one by one add token into my vue file, because its too much file.

My current script code on login.vue:

props: {
        errors: Object,
        session: Object,
        auth: Array
    },

    //define composition API
    setup(props) {
        //define form state
        const form = reactive({
            email: '',
            password: '',
        });

        //submit method
        const submit = () => {

            //send data to server
            Inertia.post('/login', {

                //data
                email: form.email,
                password: form.password,
                _token: props.auth.csrf
            });
        }

My HandleInertiaRequest (middleware):

<?php

namespace AppHttpMiddleware;

use IlluminateHttpRequest;
use InertiaMiddleware;

class HandleInertiaRequests extends Middleware
{
    /**
     * The root template that's loaded on the first page visit.
     *
     * @see https://inertiajs.com/server-side-setup#root-template
     * @var string
     */
    protected $rootView = 'app';

    /**
     * Determines the current asset version.
     *
     * @see https://inertiajs.com/asset-versioning
     * @param  IlluminateHttpRequest  $request
     * @return string|null
     */
    public function version(Request $request): ?string
    {
        return parent::version($request);
    }

    /**
     * Defines the props that are shared by default.
     *
     * @see https://inertiajs.com/shared-data
     * @param  IlluminateHttpRequest  $request
     * @return array
     */
    public function share(Request $request): array
    {
        return array_merge(parent::share($request), [
            //session
            'session' => [
                'status'    => fn () => $request->session()->get('status'),
                'success'   => fn () => $request->session()->get('success'),
                'error'     => fn () => $request->session()->get('error'),
            ],
            //user authenticated
            'auth' => [
                'user'          => $request->user() ?   $request->user() : null,
                'permissions'   => $request->user() ? $request->user()->getPermissionArray() : [],
                'csrf' => $request->session()->token()
            ],
            //route
            'route' => function () use ($request) {
                return [
                    'params' => $request->route()->parameters(),
                    'query' => $request->all(),
                ];
            },
        ]);
    }
}

2

Answers


  1. Now add csrf variable inside script at the blade file, like this.

    <script>
         export default {
            data: () => ({
                csrf: document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
              }),        
        }
    </script>
    

    You will see a meta tag in your blade.php file like this.

    <meta name="csrf-token" content="{{ csrf_token() }}">
    
    Login or Signup to reply.
  2. In your Middleware/HandleInertiaRequests.php file add the csrf token globally.

    /**
     * Defines the props that are shared by default.
     *
     * @see https://inertiajs.com/shared-data
     * @param  IlluminateHttpRequest  $request
     * @return array
     */
    public function share(Request $request): array
    {
        return array_merge(parent::share($request), [
              'csrf_token' => csrf_token(),
        ]);
    } 
    

    Within your form add the instance.

    <input type="hidden" name="_token" :value="this.$page.props.csrf_token">
    

    Finally, make a call, in the below example I am using the Inertia useForm() function to log a user in.

    <script setup>
      import { useForm } from '@inertiajs/vue3'
    
      const form = useForm({
        email: String,
        password: String,
        _token: String,
        processing: false,
      });
    
      let submit = () => {
        form.processing = true
        
        form.post('/login')
      }
    </script>
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search