
I am trying to configure a CRUD API for a blog, and right now I made the PostController like this:

<?php

namespace App\Http\Controllers;

use App\Models\Post;
use App\Http\Requests\StorePostRequest;
use Illuminate\Http\Request;

class PostController extends Controller
{
    /**
     * Display a listing of the resource.
     */
    public function index()
    {
        $posts = Post::all();
        return response()->json([
            'posts' => $posts
        ]);
    }

    /**
     * Store a newly created resource in storage.
     */
    public function store(StorePostRequest $request)
    {
        $post = Post::create($request->all());

        return response()->json([
            'message' => "Post Created successfully!",
            'post' => $post
        ], 200);
    }

    /**
     * Display the specified resource.
     */
    public function show(Post $post)
    {
        //
    }

    /**
     * Show the form for editing the specified resource.
     */
    public function edit(Post $post)
    {
        //
    }

    /**
     * Update the specified resource in storage.
     */
    public function update(StorePostRequest $request, Post $post)
    {
        $post->update($request->all());

        return response()->json([
            'message' => "Post Updated successfully!",
            'post' => $post
        ], 200);
    }

    /**
     * Remove the specified resource from storage.
     */
    public function destroy(Post $post)
    {
        $post->delete();

        return response()->json([
            'status' => true,
            'message' => "Post Deleted successfully!",
        ], 200);
    }
}

and web.php is this one:


<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\PostController;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/

Route::get('/', function () {
    return view('welcome');
});

Route::resource('posts', PostController::class);

And when I try to use Postman,
http://127.0.0.1:8000/posts/ works and shows me all the data, but nothing else.
And yes, I switched the GET with POST and even tried with PUT,
and I get the following:

 "message": "CSRF token mismatch.",

I do not have any front-end in this project to put that CSRF field there. How should I solve this?

2 Answers


  1. If you don't have a front-end for this project, you need to set the CSRF token on the device sending the request. Setting ‘X-CSRF-TOKEN’ headers should solve your problem. More information here: https://developer.mozilla.org/en-US/docs/Glossary/Request_header

  2. API routes should be registered in the routes/api.php file, not in the web.php file. The middleware stack that is applied to the routes in these files is different.

    One of the middlewares that is applied to routes in the web.php file is VerifyCsrfToken, but your requests will never have a CSRF token. Moving your API routes from web.php to api.php will resolve the CSRF token issues.

    From the RouteServiceProvider:

    $this->routes(function () {
        Route::middleware('api') // api is a middleware group
            ->prefix('api')
            ->group(base_path('routes/api.php'));
    
        Route::middleware('web') // web is a middleware group
            ->group(base_path('routes/web.php'));
    });
    

    The middleware groups correspond with these middleware stacks:

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class, // causes the issue
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
     
        'api' => [ // does not have the csrf middleware
            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
    
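Why GET succeeds while POST and PUT are rejected under the web group, as an added example (not part of the original answers and not Laravel's source): a simplified stand-alone model of the CSRF check. The names csrfCheck and freshSessionToken and the sample requests are constructed for illustration; the encrypted X-XSRF-TOKEN cookie path and the middleware's exception list are left out.

```php
<?php
// Simplified model of the check done by VerifyCsrfToken in the 'web' group.
// Illustration only, not Laravel's source; csrfCheck() is a hypothetical name.

function csrfCheck(string $method, array $headers, array $input, string $sessionToken): int
{
    // Read-only verbs are never checked, which is why GET /posts works.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return 200;
    }

    // The token may arrive as the _token field or the X-CSRF-TOKEN header.
    $sent = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;

    // It must equal the token held in the caller's session (constant-time compare).
    if (is_string($sent) && hash_equals($sessionToken, $sent)) {
        return 200;
    }

    return 419; // status Laravel sends with "CSRF token mismatch."
}

// A client that sends no session cookie gets a new session with a new random
// token on every request, so it can never know the value to send back.
function freshSessionToken(): string
{
    return bin2hex(random_bytes(20));
}

// Constructed sample requests.
$browserToken = freshSessionToken(); // token of an established browser session
$cases = [
    'GET, no cookie, no token'              => ['GET',  [], [], freshSessionToken()],
    'POST, no cookie, no token'             => ['POST', [], [], freshSessionToken()],
    'PUT, no cookie, guessed header'        => ['PUT',  ['X-CSRF-TOKEN' => 'guess'], [], freshSessionToken()],
    'POST, session cookie + matching token' => ['POST', ['X-CSRF-TOKEN' => $browserToken], [], $browserToken],
];

foreach ($cases as $label => [$method, $headers, $input, $sessionToken]) {
    printf("%-40s -> %d\n", $label, csrfCheck($method, $headers, $input, $sessionToken));
}
```

The api group listed above has neither StartSession nor VerifyCsrfToken, so requests to routes in routes/api.php never reach this check.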