
I have a routing issue with Laravel when calling AJAX, but I don't really understand what could be causing it, since what I have should call AJAX and return successfully. Any help would be greatly appreciated. Thank you!

Here is my ajax code

$.ajax({
    type: "POST",
    url: baseLocalUrl, // baseLocalUrl = "http://localhost:4567/admin/menuBuilder/1/save"
    data: {
        html: $("#comment_area").text()
    },
    success: function(data) {
        alert("success!");
    }
});

Here is my route

Route::group(array('prefix' => 'admin', 'before' => 'auth'), function()
{
.....
Route::post('menuBuilder/{role}/save' , array('uses' => 'AdminMenuBuilderController@saveHTML' ));
.....
});

Here is my controller method

public function saveHTML($roleId){
        //$decodeJson = Input::get('html');
        return "success";

}

This is the error I am getting

 POST http://localhost:4567/admin/menuBuilder/1/save 500 (Internal Server Error)

Laravel Log

production.ERROR: 500 - Exception @ /admin/menuBuilder/1/save
exception 'Illuminate\Session\TokenMismatchException' in /vagrant/app/filters.php:98

filters.php

<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

App::before(function($request)
{
    //
});


App::after(function($request, $response)
{
    //
});

/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

Route::filter('auth', function()
{
    if ( Auth::guest() ) // If the user is not logged in
    {
            return Redirect::guest('user/login');
    }
});

Route::filter('auth.basic', function()
{
    return Auth::basic();
});

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

Route::filter('guest', function()
{
    if (Auth::check()) return Redirect::to('user/login/');
});

/*
|--------------------------------------------------------------------------
| Role Permissions
|--------------------------------------------------------------------------
|
| Access filters based on roles.
|
*/

// Check for role on all admin routes
Entrust::routeNeedsRole( 'admin*', array('admin'), Redirect::to('/') );

// Check for permissions on admin actions
Entrust::routeNeedsPermission( 'admin/blogs*', 'manage_blogs', Redirect::to('/admin') );
Entrust::routeNeedsPermission( 'admin/comments*', 'manage_comments', Redirect::to('/admin') );
Entrust::routeNeedsPermission( 'admin/users*', 'manage_users', Redirect::to('/admin') );
Entrust::routeNeedsPermission( 'admin/roles*', 'manage_roles', Redirect::to('/admin') );

    /*
    |--------------------------------------------------------------------------
    | CSRF Protection Filter
    |--------------------------------------------------------------------------
    |
    | The CSRF filter is responsible for protecting your application against
    | cross-site request forgery attacks. If this special token in a user
    | session does not match the one given in this request, we'll bail.
    |
    */

    Route::filter('csrf', function()
    {
        if (Session::getToken() != Input::get('csrf_token') &&  Session::getToken() != Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });

    /*
    |--------------------------------------------------------------------------
    | Language
    |--------------------------------------------------------------------------
    |
    | Detect the browser language.
    |
    */

    Route::filter('detectLang',  function($route, $request, $lang = 'auto')
    {

        if($lang != "auto" && in_array($lang , Config::get('app.available_language')))
        {
            Config::set('app.locale', $lang);
        }else{
            $browser_lang = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtok(strip_tags($_SERVER['HTTP_ACCEPT_LANGUAGE']), ',') : '';
            $browser_lang = substr($browser_lang, 0,2);
            $userLang = (in_array($browser_lang, Config::get('app.available_language'))) ? $browser_lang : Config::get('app.locale');
            Config::set('app.locale', $userLang);
            App::setLocale($userLang);
        }
    });
  • What does the error log say? There is a Laravel error log file that should be able to give you more information on why the failure happened. It is usually somewhere like yourapp/app/storage/logs/. Commented Dec 14, 2014 at 21:30
  • production.ERROR: 500 - Exception @ /admin/menuBuilder/1/save exception 'Illuminate\Session\TokenMismatchException' in /vagrant/app/filters.php:98 Commented Dec 15, 2014 at 2:58

1 Answer


You need to include your CSRF token in the header of your AJAX call. Try this:

In your HTML <head> block:

<!-- This is one of the more common ways of accessing your CSRF token. -->
<meta name="csrf-token" content="{{ csrf_token() }}">

And for your AJAX call:

var token = $('meta[name="csrf-token"]').attr('content');

$.ajax({
  type: "POST",
  url: baseLocalUrl,
  data: {
    html: $("#comment_area").text()
  },

  // Added the CSRF token to the request header.
  // The jQuery option is "headers" (plural); "header" is silently ignored.
  headers: {"X-CSRF-Token": token},

  success: function(data) {
    alert("Success!");
  }
});

And finally, in app/filters.php, change your CSRF filter to:

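Route::filter('csrf', function()
{
  // AJAX requests carry the token in a header; regular form posts carry it in the _token field.
  $token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
  // Strict comparison: a missing token (null) or a non-string value never matches the session token.
  if (Session::token() !== $token)
  {
    throw new Illuminate\Session\TokenMismatchException;
  }
});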
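
An added example, not part of the original answer: when the token header is attached to every AJAX call instead of one call at a time, it should go only on state-changing requests to the page's own origin, so the token is never sent to another site. The function names `needsCsrfToken` and `csrfHeaders` are hypothetical; the header and meta tag names are the ones used in the answer.

```javascript
// Added example (not the answer author's code): decide when a request
// should carry the CSRF token, then wire that decision into jQuery.

var SAFE_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"];

// True only for state-changing requests that stay on the page's own origin.
function needsCsrfToken(method, url, pageOrigin) {
  var verb = String(method || "GET").toUpperCase();
  if (SAFE_METHODS.indexOf(verb) !== -1) {
    return false; // safe methods must not change state, so no token is sent
  }
  var target;
  try {
    target = new URL(url, pageOrigin); // resolves relative URLs against the page
  } catch (e) {
    return false; // unparseable URL: never attach the token
  }
  return target.origin === new URL(pageOrigin).origin;
}

// Extra headers for a request; an empty object when no token should be sent.
function csrfHeaders(method, url, pageOrigin, token) {
  if (!token || !needsCsrfToken(method, url, pageOrigin)) {
    return {};
  }
  return { "X-CSRF-Token": token };
}

// Browser wiring; skipped when there is no window or jQuery is not loaded.
if (typeof window !== "undefined" && typeof window.jQuery !== "undefined") {
  window.jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    var token = window.jQuery('meta[name="csrf-token"]').attr("content");
    var extra = csrfHeaders(options.type, options.url, window.location.origin, token);
    Object.keys(extra).forEach(function (name) {
      jqXHR.setRequestHeader(name, extra[name]);
    });
  });
}
```

With the prefilter registered once, individual `$.ajax` calls no longer need their own `headers` entry for the token.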