I am trying to configure a crud api for a blog and right now i made the PostController like this:
<?php
namespace AppHttpControllers;
use AppModelsPost;
use AppHttpRequestsStorePostRequest;
use IlluminateHttpRequest;
class PostController extends Controller
{
/**
* Display a listing of the resource.
*/
public function index()
{
$posts = Post::all();
return response()->json([
'posts' => $posts
]);
}
/**
* Store a newly created resource in storage.
*/
public function store(StorePostRequest $request)
{
$post = Post::create($request->all());
return response()->json([
'message' => "Post Created successfully!",
'post' => $post
], 200);
}
/**
* Display the specified resource.
*/
public function show(Post $post)
{
//
}
/**
* Show the form for editing the specified resource.
*/
public function edit(Post $post)
{
//
}
/**
* Update the specified resource in storage.
*/
public function update(StorePostRequest $request, Post $post)
{
$post->update($request->all());
return response()->json([
'message' => "Post Updated successfully!",
'post' => $post
], 200);
}
/**
* Remove the specified resource from storage.
*/
public function destroy(Post $post)
{
$post->delete();
return response()->json([
'status' => true,
'message' => "Post Deleted successfully!",
], 200);
}
}
and web.php is this one:
<?php
use IlluminateSupportFacadesRoute;
use AppHttpControllersPostController;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/
Route::get('/', function () {
return view('welcome');
});
Route::resource('posts', PostController::class);
and when i try to use postman
http://127.0.0.1:8000/posts/ works and shows me all the data but nothing else
And yes i switched the GET with POST and even tried with PUT
and i get the following:
"message": "CSRF token mismatch.",
I do not have any front-end in this project to put that csrf field there, how should i solve this?
2
Answers
If you dont have a front-end for this project, you need to set the csrf token on the device sending the request. Setting ‘X-CSRF-TOKEN’ headers should solve your problem. More information in here: https://developer.mozilla.org/en-US/docs/Glossary/Request_header
Api routes should be registered in the
routes/api.php
file, not in theweb.php
file. The middleware stack that is applied to the routes in these files is different.One of the middlewares that is applied to routes in the
web.php
file isVerifyCsrfToken
, but your requests will never have a csrf-token. Moving your api routes fromweb.php
toapi.php
will resolve the csrf-token issues.From the
RouteServiceProvider
:The middleware groups correspond with these middleware stacks: