2

I am getting Csrf token mismatch error on every post request I am making in the project. I am using ajax at some places and normal form submission at other places. However the error is constant.

I have tried several things as suggested on this site like

  1. Setting SESSION_SECURE_COOKIE=false.
  2. Adding @csrf inside <form></form>
  3. Adding <meta name="csrf-token" content="{{ csrf_token() }}" /> and $.ajaxSetup({headers: {'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content');}}); before ajax call.
  4. Running php artisan config:clear php artisan route:clear composer dump-autoload.
  5. Running project on different browsers.

The error is same throughout. The application was working absolutely fine. What is the thing I am missing?

pyrogrammer
  • 560
  • 3
  • 17
  • Do you have any middleware which will interfere and change the token? or you can inspect the browser to check if CSRF token is generated properly. Also, Perform `php artisan key:generate` if you don't have the key. Also, You don't have to change `SESSION_SECURE_COOKIE` value. – Monish Khatri Mar 27 '23 at 07:17
  • @MonishKhatri yes when i inspect i can see the token successfully, also I am facing same issues for post requests with and without any middleware. – pyrogrammer Mar 27 '23 at 07:24
  • can you share `'same_site'` parameter from your **config/session.php**. – a_man Mar 27 '23 at 07:25
  • Yes @a_man it is set to `'same_site' => null` – pyrogrammer Mar 27 '23 at 07:26

1 Answers1

2

In your config/session.php file, try setting same_site to lax,null.

After that run php artisan config:cache.

a_man
  • 194
  • 1
  • 11