Vue Cant Get CSRF Token From Laravel Blade
I have a blade that have this code.
<meta name="csrf-token" content="{{ csrf_token() }}">
<covid-form>
</covid-form>
Then in my covid-form component i got a form like this:
<form @submit.prevent="send">
<input type="hidden" name="_token" :value="csrf">
My component script.
<script>
export default {
data(){
return{
csrf: document.head.querySelector('meta[name="csrf-token"]').content,
fullname:'',
phone:'',
nationality:'',
have_not_travelled_to_china:false,
have_not_travelled_to_others:false,
have_not_travelled_to_asian:false,
no_issue_to_stay_home:false,
no_symptomps:false,
dont_have_close_contact:false,
signDate:new Date(),
opts:{
format: 'YYYY-MM-DD',
showClear: true,
showClose: true,
useCurrent: false,
},
date: new Date(),
opt:{
format: 'YYYY-MM-DD HH:mm A',
showClear: true,
showClose: true,
useCurrent: false,
}
}
},
created(){
console.log(this.csrf)
},
methods:{
async send(){
let loader = this.$loading.show({
container: this.fullPage ? null : this.$refs.formContainer,
onCancel: this.onCancel,
color: '#c91010',
loader: 'bars',
width: 80,
height: 100,
})
await axios.post('/submitForm',{
agent_name: this.fullname,
phone: this.phone,
nationality: this.nationality,
have_not_travelled_to_china: this.have_not_travelled_to_china,
have_not_travelled_to_others: this.have_not_travelled_to_others,
have_not_travelled_to_asian: this.have_not_travelled_to_asian,
no_issue_to_stay_home: this.no_issue_to_stay_home,
no_symptomps: this.no_symptomps,
dont_have_close_contact: this.dont_have_close_contact,
signDate: this.signDate,
date: this.date
})
.then(()=>{
swal.fire({
title: 'Success!',
icon: 'success',
width: '500px'
});
loader.hide()
})
}
}
}
</script>
UPDATE:
I dont have any errors in console. Tried it in postman with 127.0.0.1:8000/submitForm with post request. But everytime i submit i got "message": "CSRF token mismatch.", . Also i removed the @csrf in my blade because it is already in the header
Answer
You have to add the _token property to the axios data like you are doing with the others:
await axios.post('/submitForm',{
_token: this.csrf,
agent_name: this.fullname,
// ...
})
this is required for post requests.
And since you will set the data to axios, from the data function
data() {
return{
csrf: document.head.querySelector('meta[name="csrf-token"]').content,
agent_name: this.fullname,
//...
},
},
You can remove this line
<input type="hidden" name="_token" :value="csrf">
you are not using it at all.
Also you will need to set X-Requested-With headers to axios request,
but probably you already have somenthing like this.
The
VerifyCsrfTokenmiddleware, which is included in thewebmiddleware group, will automatically verify that the token in the request input matches the token stored in the session.
You can read more on the docs:
CSRF Protection
Related Questions
- → How to update data attribute on Ajax complete
- → October CMS - Radio Button Ajax Click Twice in a Row Causes Content to disappear
- → Octobercms Component Unique id (Twig & Javascript)
- → Passing a JS var from AJAX response to Twig
- → Laravel {!! Form::open() !!} doesn't work within AngularJS
- → DropzoneJS & Laravel - Output form validation errors
- → Import statement and Babel
- → Uncaught TypeError: Cannot read property '__SECRET_DOM_DO_NOT_USE_OR_YOU_WILL_BE_FIRED' of undefined
- → React-router: Passing props to children
- → ListView.DataSource looping data for React Native
- → Can't test submit handler in React component
- → React + Flux - How to avoid global variable
- → Webpack, React & Babel, not rendering DOM