Why Does the Laravel API Return a 419 Status Code on Post and Put Methods

  • Home
  • Languages
  • PHP
  • Why Does the Laravel API Return a 419 Status Code on Post and Put Methods

Why does the Laravel API return a 419 status code on POST and PUT methods?

If you are developing REST APIs, you better not add tokens. If you are using 5.4 or 5.5 you can use api.php instead of web.php. In api.php you don't need token verifcation on post requests.

If you are using web.php, then you can exculde routes that you don't want to validate with CSRF Tokens.

Here is the official documentation:

Excluding URIs From CSRF Protection

Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
        'http://example.com/foo/bar',
        'http://example.com/foo/*',
    ];
}

For reference https://laravel.com/docs/5.5/csrf

Laravel Http Client 419 unknown status

I agree with @ElektaKode that the issue is likely due to lack of csrf token.

In order to disable CSRF middleware while testing,
switch off CSRF token for this route at /app/Http/Midddleware/VerifyCsrfToken.php, by updating:

protected $except = [ 'your-route-url' ];

Then you can use api authentication to follow it up.

The simplest way to use api authentication, follow this doc,
The other ways are either using Laravel passport or using jwt for api.(both will consume more time to set up, as you are using for testing using api authentication is your go to method.)


Related Topics

Pdo Multiple Queries

How to Retrieve Utf-8 Accented Characters from Access via Pdo_Odbc

Find Common Values in Multiple Arrays with PHP

Using Strtotime for Dates Before 1970

How to Implement Pagination in PHP

How to Delete a File via PHP

Getting Http Code in PHP Using Curl

Laravel Stylesheets and JavaScript Don't Load for Non-Base Routes

Generate Random 5 Characters String

Php7.1 JSON_Encode() Float Issue

Post Form and Update Multiple Rows with MySQL

PHP Array Behaving Strangely with Key Value 07 & 08

PHP Add Element to Every Sub Array of Multi Dimension Array

Confusing About This Cookies in Redirecting System

Interface or an Abstract Class: Which One to Use

PHP Expects T_Paamayim_Nekudotayim

Ffmpeg Progress Bar - Encoding Percentage in PHP

How to Get Client Ip Address in Laravel 5+


Leave a reply



Submit