Laravel restful api error 500 (store and destroy)

Question

I am new to restful api, and I met a problem: when I request destroy with delete method and store with post method, both will return 500 error. But I use get method to request index and show, both are ok. What is the problem?

Here is my code and request:

delete http://***.com/RestfulPrac/public/customers/10000001

get   http://***.com/RestfulPrac/public/customers/10000001

post http://***.com/RestfulPrac/public/customers

 class CustomersController extends Controller
 {
    public function index(){

    $customersInfo = customers::all();
    return $customersInfo;

    }

    public function show($cust_id){

    $customer = customers::where('cust_id',$cust_id)->first();
    return $customer;
    }
    public function store()
    {
    
    echo "store";
    }

   public function destroy()
   {

      return "success";
   }
}

Route::resource('customers','CustomersController');

The apache access.log:

"DELETE /RestfulPrac/public/customers/1000000001 HTTP/1.0" 500 20246 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"

The apache error.log:

[Thu Jun 02 09:09:24.324782 2016] [negotiation:error] [pid 4328:tid 1676] [client 127.0.0.1:4940] AH00690: no acceptable variant: D:/XAMPP/apache/error/HTTP_NOT_FOUND.html.var

The laravel.log:

local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in F:\PhpstormProjects\RestfulPrac\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php:67
Stack trace:

did you check laravel's error log to see if anything is in there, or the webserver's error log? — lagbox, Jun 02 '16 at 01:36
show and index method are ok for me..but store and destroy won't work — vancake, Jun 02 '16 at 01:45
can you check the laravel log in storage/logs and your apache error.log — lagbox, Jun 02 '16 at 01:47

score 2 · Accepted Answer · edited May 23 '17 at 12:31

2

Based on the Laravel error log you have a csrf token mismatch. If you are building an API you probably will not want to use the 'web' middleware. That middleware group is starting a session and will check for a csrf token on all requests that aren't using READ (GET, HEAD, OPTIONS) HTTP methods.

By default Laravel is putting all your routes in routes.php in a route group with the 'web' middleware applied (If on version >= 5.2.27) when it loads them in your RouteServiceProvider in app\Providers.

That would probably be where to start, based on the Laravel error log.

This may be of some help: VerifyCsrfToken always called when route to API Middleware Laravel 5.2.35

edited May 23 '17 at 12:31

Community

1
1

answered Jun 02 '16 at 02:00

lagbox

48,571
8
72
83

No problem. If you are doing a stateless api, you won't need the 'web' middleware group at all. If you want sessions you will want it. You can exclude your api routes from csrf check in that middleware's `$except` array, you can use wildcards in the URIs, if you feel the need to use the 'web' group. – lagbox Jun 02 '16 at 02:18

score 0 · Answer 2 · answered Jun 02 '16 at 02:05

just navigate to app\kernel.php

comment csrf like this

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        //  \App\Http\Middleware\VerifyCsrfToken::class,
    ],

    'api' => [
        'throttle:60,1',
    ],
];

You wont need csrf protection if you are building an api

Laravel restful api error 500 (store and destroy)

2 Answers2