419 page expired / empty header X-CSRF-TOKEN
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
419 page expired / empty header X-CSRF-TOKEN
Hello,
i am testing a laravel aimeos installation with PHP 8.1 and aimeos-laravel 2022.10.
Until yesterday it worked fine so far.
Today i cannot login anymore, access the basket or make jsonapi request.
I used "composer up" a couple of times for updating an own package.
Disabling the CSRF check via the VerifyCsrfToken Middleware all works again.
I tracked the source down to an empty X-CSRF-TOKEN header.
On the login site the token is posted as "_token" and as cookie.
The session token is the same value:
A header dump shows only empty values:
How can i solve this?
Aimeos is running on a VM with apache behind a nginx frontend server.
Regards
nowrap
i am testing a laravel aimeos installation with PHP 8.1 and aimeos-laravel 2022.10.
Until yesterday it worked fine so far.
Today i cannot login anymore, access the basket or make jsonapi request.
I used "composer up" a couple of times for updating an own package.
Disabling the CSRF check via the VerifyCsrfToken Middleware all works again.
I tracked the source down to an empty X-CSRF-TOKEN header.
On the login site the token is posted as "_token" and as cookie.
The session token is the same value:
Code: Select all
request token:
session token: fNK*****************S509
Code: Select all
{"attributes":{},"request":{},"query":{},"server":{},"files":{},"cookies":{},"headers":{}}
Aimeos is running on a VM with apache behind a nginx frontend server.
Regards
nowrap
Re: 419 page expired / empty header X-CSRF-TOKEN
Sorry,
i found the problem.
In vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php somehow the getTokenFromRequest()-method lost it's paramter _token:
instead of
To detect changes on vendor files:
To reinstall a composer package:
Regards
nowrap
i found the problem.
In vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php somehow the getTokenFromRequest()-method lost it's paramter _token:
Code: Select all
$request->input(' ')
Code: Select all
$request->input('_token')
Code: Select all
composer status -v
To reinstall a composer package:
Code: Select all
composer reinstall laravel/framework
nowrap