All Questions
15 questions
0
votes
0
answers
116
views
Does CSRF protection work when the client and server are hosted on different servers?
I am currently in the development phase of my project, where the client (react) is hosted at localhost:3000, and the server (laravel) is hosted at localhost:8000. I'm implementing CSRF protection, and ...
- 152
1
vote
2
answers
1k
views
Laravel: CSRF token not needed for login via axios
When I use a form to post to the /login route, a valid CSRF token is needed.
<form role="form" method="POST" action="/login">
However, I can login completely ...
- 959
3
votes
2
answers
5k
views
Laravel project within iframe - CSRF token mismatch
I have a project where I implemented Sanctum to be used as authentication for api calls. This is the way I use it
axios.get('/sanctum/csrf-cookie').then(response => {
axios.post('/api/login', {...
- 466
0
votes
0
answers
189
views
laravel 7 csrf token change after login
To assign the items in the shopping cart to the user, I use the CSRF token. however, if the user logs in, a new token is automatically generated and the shopping cart is empty.
how can I prevent a new ...
- 1
0
votes
4
answers
1k
views
Laravel - 419 issues when Submit Form
I have problems when submitting a form in Laravel application. It reported 419 error.
My code:
<form action="login" method="POST">
<input id="csft_pass" type="hidden" name="_token" ...
- 87
2
votes
1
answer
362
views
How to prevent csrf attack if jwt token stored in cookie with httponly in laravel and Vue spa?
Frontend: Vue spa
Backend: laravel
Frontend and backend are separated, and they are communited with xhr request.
In the beginning I use local storage to store the JWT token, but now I found out ...
- 545
0
votes
0
answers
519
views
Laravel 5.6 Page Expired (Problem in Linux Cpanel Hosting)
Just Wait. I know the problem. The might be due to
no @csrf specified
post request but method="get" in form
long time (inactivity)
No encryption key (optional)
But I should specify ...
- 1,174
5
votes
3
answers
9k
views
How to disable "Session Expired in Laravel " in my Login Page?
I wait for 300 seconds in my login page before clicking the submit button, "Session expired" appears after I click the submit button. But, the expected result should be "Successfully ...
- 73
0
votes
0
answers
64
views
Laravel TokenMismatch for one user only, possible reasons
Bugsnag has been reporting a single client (same ip address) keeps receiving a TokenMismatchException throughout the last few weeks on my production Laravel 5.1 environment, no other client has ...
- 830
0
votes
2
answers
1k
views
Get CSRF token on successful authentication in Laravel 5.5
I am working with Laravel own authentication with CSRF tokens...
in my controller
public function __construct()
{
$this->middleware('auth')->except('login');
}
public function ...
- 2,514
2
votes
2
answers
67
views
Laravel Auth strange behavior
I have a domain and subdomain based app (all in one Laravel project). I have set up CORS and CSRF so that communication works. I've also replaced the cookie domain under session.php and now the ...
- 4,783
0
votes
1
answer
952
views
The requested Token and the session Token are not same
Firstly, sorry for my bad English
I have created a fresh project via this command :
laravel new blog
Then, I've ran make:auth inside of the blog project.
Then I tried to login to the blog using ...
- 12.8k
0
votes
1
answer
514
views
laravel 5.2 auth doesn't work
hi there i got a super weir auth login my application work just fine like 6 month but 1 day user and i can't login anymore
after login i got
TokenMismatchException in VerifyCsrfToken.php line ...
- 13
0
votes
6
answers
9k
views
laravel 5.1 auth csrf token mismatch
before make any judgment I read all the related questions related to my problem but none of them fixed it.
so here's my problem when I use the authentication facility of laravel 5.1 and want to ...
1
vote
3
answers
2k
views
token mismatch execption - laravel auth
I have following routes
Route::controller('users', 'UsersController');
Controllers
class UsersController extends BaseController {
protected $layout = "layouts.login";
public function ...
- 15.5k