Laravel 419 error on POST request via POSTMAN

Question

I'm trying to send a POST request via the POSTMAN application to my API which is running Laravel 5.6.

My route is as follows:

Route::post('/charge','Charge@index');

and the Charge and index function simply var_dumps the post parameter:

class Charge extends Controller
{
    public function index()
    {
        var_dump($_POST);
    }

}

The response I get is a 419 unknown status error. I've got no idea what the problem is.

I'm unsure what other info to include here, but please ask if anything else would be needed to help solve this issue.

Thanks, J

Answer 1

It may be because you are not sending your csrf token with the form data.

In laravel it is mandatory to send the csrf token on every request.

If you don't want to send then mention you method name in the app/http/middleware/VerifyCsrfToken.php file.

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{

    protected $addHttpCookie = true;

   protected $except = [
    'auth/facebook/callback',
    'auth/google/callback',
];
}

Answer 2

if using postman on headers add

(KEY) (VALUE)
X-CSRF-TOKEN yvthwsztyeQkAPzeQ5gHgTvlyxHfsAfE

you can found VALUE by add

public function index()
{
    return csrf_token(); 
}

and send GET on your route name then you will get VALUE of csrf

Answer 3

I was having the same problem and the only solution that I found was removing that exact url from the csrf verification file, which name is VerifyCsrfToken.php and is located at

app\\Http\\Middleware\\VerifyCsrfToken.php

Once you open that file, you only have to put the exact url that you are doing your post request in the except variable like below:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
        'http://localhost/api2/public/user' //This is the url that I dont want Csrf for postman.
    ];
}

After that I could do my post request from postman.

PD: This is for development environments I suppose that you eventually will have to undo this, so, someone correct me if I'm wrong.

Answer 4

I was making a get request from POSTMAN and facing 419 error. However, In-case if you are still wondering how to find csrf token even when you are making a GET request and facing status 419 . In my case I solved the problem by adding the user-agent: xxxx token in header.

Example:

user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36

Answer 5

you need to provide CSRF token with the request you send in that case you need a CSRF token.

Generating CSRF token on web.php

    Route::get('/token', function () {
        return csrf_token(); 
    });

Sending a request with token | PUT FOLLOWING ON HEADERS |token should be change on each request

(KEY)           (VALUE)
X-CSRF-TOKEN    MGpzhSLdVWdB7ddQSR8B6iu3A89A6LW7UPT0zmO2