419 page expired / empty header X-CSRF-TOKEN

Post by nowrap » 02 Mar 2023, 11:46

Hello,
I am testing a Laravel Aimeos installation with PHP 8.1 and aimeos-laravel 2022.10.

Until yesterday it worked fine.

Today I cannot log in anymore, access the basket or make jsonapi requests.
I used "composer up" a couple of times to update a package of my own.

After disabling the CSRF check via the VerifyCsrfToken middleware, everything works again.

I tracked the source down to an empty X-CSRF-TOKEN header.

On the login site the token is posted as "_token" and as a cookie.
The session token is the same value:

request token: 
session token: fNK*****************S509

A header dump shows only empty values:

{"attributes":{},"request":{},"query":{},"server":{},"files":{},"cookies":{},"headers":{}}

How can I solve this?
Aimeos is running on a VM with Apache behind an nginx frontend server.

Regards
nowrap

Post by nowrap » 02 Mar 2023, 19:54

Sorry,
I found the problem.

In vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php somehow the getTokenFromRequest() method lost its parameter _token:

$request->input(' ')

instead of

$request->input('_token')

To detect changes in vendor files:

composer status -v

To reinstall a Composer package:

composer reinstall laravel/framework

Regards
nowrap
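
The vendor-file check from the post above, carried over to hosts where `composer status` cannot be run: this is an added example, not part of nowrap's post and not Composer, Laravel or Aimeos code. It assumes GNU coreutils; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils (sha256sum,
# sort -z, xargs -r). Function names are hypothetical.

# vendor_baseline DIR MANIFEST: record "<sha256>  ./path" for every file
# under DIR. Keep MANIFEST outside DIR, ideally somewhere read-only.
vendor_baseline() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum ) > "$2"
}

# vendor_drift DIR MANIFEST: print "changed: PATH" for files whose hash
# differs or that are missing, "added: PATH" for files not in the manifest.
# Returns 1 on any drift, 0 when the tree matches.
vendor_drift() {
    drift=$(
        ( cd "$1" && sha256sum --quiet -c - 2>/dev/null ) < "$2" |
            sed -n 's/^\(.*\): FAILED.*$/changed: \1/p'
        # The path starts at column 67: 64 hex digits plus two separators.
        ( cd "$1" && find . -type f ) | awk -v m="$2" '
            BEGIN { while ((getline l < m) > 0) seen[substr(l, 67)] = 1 }
            !($0 in seen) { print "added: " $0 }'
    )
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed demo: a stand-in package tree that receives the same kind of
# one-line edit described in the thread after the baseline is taken.
demo() {
    tmp=$(mktemp -d) && mkdir -p "$tmp/vendor/pkg/src"
    f="$tmp/vendor/pkg/src/VerifyCsrfToken.php"
    printf '%s\n' "\$request->input('_token')" > "$f"
    vendor_baseline "$tmp/vendor" "$tmp/vendor.sha256"
    printf '%s\n' "\$request->input(' ')" > "$f"
    rc=0
    vendor_drift "$tmp/vendor" "$tmp/vendor.sha256" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || true
```

Take the baseline immediately after a clean `composer install` and run the drift check before each deploy or on a schedule; a non-zero exit means a vendor file no longer matches what was installed.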
