csrf_token() is empty in l5-swagger and I can't make any request except GET

3

6

csrf_token() is empty in l5-swagger, and I can't make any request except GET because the header is missing; I always get a 419 error code.

I have tried the request from Postman and it works, but in Swagger it doesn't. I have looked at this link (laravel 5 csrf_token value is Empty), but I still have no idea how to solve my problem.

How can I get the csrf_token inside my l5-swagger view?

Warmblooded answered 20/12, 2018 at 10:29 Comment(0)
6

I think you should try to add this in /routes/web.php

Route::group(['middleware' => 'web'], function () {
    Route::get('api/documentation', '\L5Swagger\Http\Controllers\SwaggerController@api')->name('l5swagger.api');
});

That way you add the web middleware to the l5-swagger route.

Hope it helps.

Reliant answered 20/12, 2018 at 10:33 Comment(5)
Wow, thanks! It works, but can you explain more about the code? – Warmblooded
If you add the web middleware, then Laravel will know that you need a CSRF token, and the csrf_token() value will not be empty. – Reliant
Ah, I see. Thanks for your input. – Warmblooded
This is giving the error of configuration missing. – Sukkoth
Unfortunately, this does not work for me with Laravel 8.x; see my answer if you are in the same boat. – Virility
4

None of these worked for me in Laravel 8.70.1.

What worked for me was to disable the EnsureFrontendRequestsAreStateful::class in both my local and dev (no public access) environments. Then in my deployment process (TeamCity & OctoDeploy) to both staging and production, the commented EnsureFrontendRequestsAreStateful::class is uncommented.

Swagger is disabled as part of the deployment process to both the staging and prod environments. If you are building a SPA you need the EnsureFrontendRequestsAreStateful class.

In summary, disabling the EnsureFrontendRequestsAreStateful::class should solve the problem, but make sure you put it back in both your staging and production environments.

File to edit is in /app/Http/Kernel.php

        'api' => [
            // Commented out for local/dev only; restored for staging and production.
            //\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:60,1',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\AuthGates::class,
        ],
Naldo answered 12/2, 2022 at 20:5 Comment(0)
3

For Laravel 8.x the solution with Routes did not work for me.

Instead, I modified the file config/l5-swagger.php.

You have to add multiple entries to defaults[routes][middleware][api]. By default this entry should be empty.

To fix the CSRF-Validation you have to add:

...

'api' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \App\Http\Middleware\VerifyCsrfToken::class,
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
],

...

After that just clear the config cache with

php artisan config:cache

And you are good to go!

Virility answered 2/8, 2021 at 5:25 Comment(5)
For some reason this does not work for me. I am using the latest version of Laravel and L5-swagger. – Dorothy
What is your result? – Virility
It was a 419 error code. I have fixed it by putting it in the exception list. However, I am not sure that this is the best practice. – Dorothy
That pretty much will disable the CSRF errors for Laravel. Did you see the CSRF token when trying out the API via Swagger UI? Something like: -H 'X-CSRF-TOKEN: OmyttElThbpda9aCWnAu2LYR2NOOwDAfdfdsfasdf' Also: please make sure you are using the api routes, not the web routes! – Virility
For anyone having this same issue: while running in development using php artisan serve and using the OA\Server annotation with L5_SWAGGER_CONST_HOST, ensure that this value is consistent with what serve is doing. For example, localhost:8000 and 127.0.0.1:8000 are different. – Isolda
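
The comments above mention the X-CSRF-TOKEN header that Swagger UI should send and the localhost:8000 versus 127.0.0.1:8000 mismatch. The following is an added example, not code from any of the posts or from l5-swagger: a function suitable for Swagger UI's `requestInterceptor` option that attaches the token only to state-changing, same-origin requests and logs why it was withheld. The name `makeCsrfInterceptor`, its parameters, and the idea of passing in the value rendered by csrf_token() are assumptions.

```javascript
// Added example (hypothetical helper, not l5-swagger's own code).
// Methods Laravel's CSRF middleware lets through without a token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// csrfToken:  value the docs page rendered from csrf_token() (may be empty)
// pageOrigin: origin the docs page was loaded from, e.g. window.location.origin
// log:        sink for diagnostics (console.warn by default)
function makeCsrfInterceptor(csrfToken, pageOrigin, log = console.warn) {
  const docsOrigin = new URL(pageOrigin).origin;

  return function csrfInterceptor(request) {
    const method = (request.method || 'GET').toUpperCase();
    if (SAFE_METHODS.has(method)) return request; // no token needed

    // Resolve relative URLs against the page, then compare scheme+host+port.
    const target = new URL(request.url, docsOrigin);
    if (target.origin !== docsOrigin) {
      // Docs on localhost:8000 but server configured as 127.0.0.1:8000:
      // the session cookie does not go there, and the token must not leak.
      log(`CSRF token withheld: ${target.origin} is not ${docsOrigin}`);
      return request;
    }

    if (!csrfToken) {
      // Empty csrf_token(): the docs route ran without a started session.
      log(`csrf_token() rendered empty; expect HTTP 419 on ${method}`);
      return request;
    }

    request.headers = { ...(request.headers || {}), 'X-CSRF-TOKEN': csrfToken };
    return request;
  };
}
```

A withheld-token warning for a cross-origin target points at the host mismatch described in the last comment; an empty-token warning points at the docs route missing session middleware, which is what the answers above change.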