-1

I'm working on Laravel 5.8 and php 7.1.3. using csrf_token() return value in controller function but not return any value in controllers/api controller. how to used csrf_token in api controller function.

Api controller :- Http/Controllers/Api/TestConroller.php

class TestConroller extends Controller
{
    public function __construct()
    {
        
    }

    public function getToken(Request $request){

        echo csrf_token();
    }
}

Routes:- routes/api.php

Route::get('getToken', 'Api\TestConroller@getToken');

url:-

http://localhost/laravel/api/getToken

if csrf token() not work in api controller then how to used token for verification in api.

thecreation
  • 11
  • 2
  • On your GET method, Your parameter has some name? then `$request->name` if you dont know the name of the param, then you can get it with `dd($request->all());` – STA Jun 24 '21 at 14:09
  • 2
    I mean you should use `return` over `echo` in Laravel controllers, like `return response()->json(['csrf_token' => csrf_token()]);`, but Api's typically don't use `csrf_tokens`, so I'm not sure what you're really trying to accomplish here. – Tim Lewis Jun 24 '21 at 14:10

2 Answers2

0

Csrf token only works in web.php not in api.php .Api's are stateless

if you check kernal.php

 protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Laravel\Jetstream\Http\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\HandleInertiaRequests::class,
        ],

        'api' => [
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

web middleware uses session .So For testing purpose if you comment below middleware

\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,

then it will return null on web.php

John Lobo
  • 14,355
  • 2
  • 10
  • 20
0

if you want to use in api.php just add these 2 lines in kernel.php

\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,

in

'api' => [
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

section

Nasir Wahid
  • 1