
I'm doing some tests with Laravel 5's RESTful APIs. I created the UserController controller using the command `php artisan make:controller UserController`, and updated `routes.php` like so:

```php
Route::group(['prefix' => 'api'], function()
{
    Route::resource('user', 'UserController');
    Route::group(['prefix' => 'user'], function()
    {
        Route::get('', ['uses' => 'UserController@index']);

        Route::get('{id}', ['uses' => 'UserController@show']);

        Route::post('', ['uses' => 'UserController@create']);

        Route::put('{id}', ['uses' => 'UserController@edit']);

        Route::delete('{id}', ['uses' => 'UserController@destroy']);

    });
});
```

When testing it, the only working method is GET; the others fail, throwing this exception:

TokenMismatchException in compiled.php line 2440:

I'd appreciate it if you could give me a hand with this, thank you.

Johnny Bueti
Hort
1 Answer


POST, PUT and DELETE methods require a CSRF token. You need to include it in your page.

{!! Form::token() !!}

Also, if you use Form::open() and pass one of the methods listed above as an argument, the CSRF token will be automatically included.

manix
Johnny Bueti
  • Thanks for your support. I test in UserController.php. How about including `{{ Form::token() }}` in my controller? – Hort Mar 15 '15 at 03:39
  • @Hort, `{!! Form::token() !!}` should be added to your view, because it will print a hidden input with a CSRF token – manix Mar 15 '15 at 04:14
  • Thanks @Shiny Phoenix: if I want to use the POST, PUT and DELETE methods without including `{!! Form::token() !!}` in the view, meaning I create the insert, update and delete API functions from the controller, what can I do? Thanks. – Hort Mar 16 '15 at 01:24
  • Thanks for the edit, @manix. @Hort, it's highly suggested you do so. Cross-site request forgery is a really dangerous way for users to spoof sessions and access services otherwise unavailable to them. You can either use `{!! Form::token() !!}` or make the form method explicit in `{{ Form::open(array('url' => 'foo/bar', 'method' => 'YOUR_METHOD')) }}`. If you're making external requests (i.e. an API service), simply use only the GET method. – Johnny Bueti Mar 16 '15 at 08:25
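
Why only GET succeeded, as an added example that is not part of the original thread and is not Laravel's own code: a framework-free PHP sketch of the check a CSRF filter makes on each request. The function names are hypothetical; `_token` and `X-CSRF-TOKEN` are the form field and header names Laravel's CSRF middleware reads, and header lookup is simplified here to an exact array key.

```php
<?php
// Added illustration: a framework-free sketch of the check a CSRF middleware
// performs. Function names are hypothetical, not Laravel's API.

function newCsrfToken(): string
{
    // Unpredictable per-session value, kept server-side in the session.
    return bin2hex(random_bytes(32));
}

function csrfCheckPasses(string $method, array $input, array $headers, string $sessionToken): bool
{
    // Read-only methods are not checked, which is why GET works without a token.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // State-changing requests must echo the session's token, either as the
    // hidden form field or as a request header (for AJAX clients with no form).
    $supplied = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? '';
    // hash_equals() compares in constant time, so the token cannot be
    // recovered byte by byte through response timing.
    return is_string($supplied) && $supplied !== '' && hash_equals($sessionToken, $supplied);
}

// Constructed sample requests against one session (not captured traffic).
$session = newCsrfToken();
$cases = [
    'GET without token'       => ['GET',    [], []],
    'POST without token'      => ['POST',   ['name' => 'alice'], []],
    'POST with form field'    => ['POST',   ['_token' => $session], []],
    'PUT with header'         => ['PUT',    [], ['X-CSRF-TOKEN' => $session]],
    'DELETE with wrong token' => ['DELETE', [], ['X-CSRF-TOKEN' => str_repeat('0', 64)]],
];
foreach ($cases as $label => [$method, $input, $headers]) {
    $ok = csrfCheckPasses($method, $input, $headers, $session);
    printf("%-26s %s\n", $label, $ok ? 'accepted' : 'rejected (token mismatch)');
}
```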