2

I'm working with a bank API.
The bank sends a POST request to my website but does not return a token; there is no token field in their request, and I am faced with a TokenMismatchException.

How can I fix this problem?
Here is the corresponding code:

public function submitPayment()
{  
    $api = 'test';
    $amount = '3443354';
    $redirect = URL::to('new-order/after-payment');
    $result = $this->send($api, $amount, $redirect);
    $result = json_decode($result);

    return redirect("https://example.com/$result->transId");
}
Mehdi Rahimi

1 Answer

2

In short, you want to rename Laravel's default CSRF token field name, _token, to something else. For that,

you can override the function Illuminate\Foundation\Http\Middleware\VerifyCsrfToken@tokensMatch() from the App\Http\Middleware\VerifyCsrfToken class and change the CSRF parameter name.

You can add the following code to your App\Http\Middleware\VerifyCsrfToken file.

    /**
     * Determine if the session and input CSRF tokens match.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function tokensMatch($request)
    {
        $sessionToken = $request->session()->token();

        $token = $request->input('_csrf_token') ?: $request->header('X-CSRF-TOKEN');

        if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
            $token = $this->encrypter->decrypt($header);
        }

        if (! is_string($sessionToken) || ! is_string($token)) {
            return false;
        }

        return hash_equals($sessionToken, $token);
    }

In the above function, the CSRF field is changed from _token to _csrf_token.

Akshay Khale
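
An added example, not part of the question or the answer above: instead of renaming the token field, it uses the `$except` list that Laravel's `VerifyCsrfToken` middleware already provides, which fits a callback from an external party that never holds the session token. Only the question's callback path is exempted, and the handler treats the unauthenticated POST as a lookup key; the `PendingPayment` model, its `trans_id` and `status` columns, the `transId` callback field and the `new-order/status` route are assumptions.

```php
<?php
// app/Http/Middleware/VerifyCsrfToken.php
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    // Built-in exclusion list: only the exact callback path skips the token
    // check; every other state-changing route still requires it.
    protected $except = ['new-order/after-payment'];
}

// app/Http/Controllers/PaymentController.php (a separate file)
namespace App\Http\Controllers;

use App\PendingPayment; // hypothetical model, one row saved per transId in submitPayment()
use Illuminate\Http\Request;

class PaymentController extends Controller
{
    public function afterPayment(Request $request)
    {
        // An exempt URL accepts POSTs from anyone, so the body is only a lookup key.
        $transId = $request->input('transId'); // assumed callback field name
        if (! is_string($transId) || $transId === '') {
            abort(400);
        }

        // Atomically claim an id this application got from the bank itself;
        // unknown or already-used ids change nothing.
        $claimed = PendingPayment::where('trans_id', $transId)
            ->where('status', 'pending')
            ->update(['status' => 'returned']);
        if ($claimed !== 1) {
            abort(404);
        }

        // The order is not marked paid here: that needs the bank's own
        // server-to-server confirmation, which this page does not describe.
        return redirect('new-order/status'); // hypothetical status page
    }
}
```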