Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Help with laravel and ngflow (token mismatch)
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Help with laravel and ngflow (token mismatch)

sandrosandro Member
edited March 2016 in Help

Does anyone use laravel with ngflow file upload? Version 5 has csrf token check by default and I wasn't able to make post requests work with this even though I'm seding the token in the request headers.

Comments

  • GCatGCat Member
    edited March 2016

    Can you post sample code you're using so we can look at it and determine the issue?

    Did you follow these? https://laravel.com/docs/master/routing#csrf-protection

  • sandrosandro Member
    edited March 2016

    Yes I followed that guide.

    I'm using this code to send the header:

    <html ng-app="app" flow-init="{headers: {'X-CSRF-TOKEN': 'Y5TQP5IgL6M91UE4IzFT8vIHEiHQ2E6kNqSpHQzI'}}" flow-file-added="!!{jpg:1,jpeg:1,png:1}[$file.getExtension()]">

    Also Angular as written in the doc does send the XSRF-TOKEN cookie for every requests but I still get a token mismatch and I can't post files.

  • I re-read the doc, I need to add both the POST field and the header? How do I add a custom input field with ngflow?

  • yomeroyomero Member
    edited March 2016

    I haven't used that plugin, but, according to the documentation, there should be two options.

    First, according to the docs, you should be able to initialize ng-flow with an existing Flow object.
    Going to the docs of the Flow.js project, you can add a 'query' parameter (first example https://github.com/flowjs/flow.js) with extra parameters.

    Then, second, and should work and be more simple, according to the 'How can I set options for flow.js?', you should be able to add your field in your app.config section via the 'query' parameter.

  • sandrosandro Member
    edited March 2016

    OK i was able to add a input field _token via the query parameter but I'm still getting the same error :(

  • OK solved it... the reason was my framework/session directory was not owned by the same user as php/nginx so I was getting a different token at every refresh/request instead of one per session.

    Thanked by 1yomero
Sign In or Register to comment.