6

While uploading an image via wysiwyg editor I need to pass the Laravel CSRF token with the FormData(). But it seems like it fails or it does not add the csrf token using the append() method.

Here is my code:

  function uploadImage( image ) {
    var data = new FormData();
    data.append( "image", image );

    data.append( "csrfToken", Laravel.csrfToken ); // <- adding csrf token
    // Laravel.csrfToken will return the csrf token.

    console.log( data.entries() );
    $.ajax ({
      data: data,
      type: "POST",
      url: "/article/store/image",
      cache: false,
      contentType: false,
      processData: false,
      success: function(url) {
        var image = IMAGE_PATH + url;
          $( '#editor' ).summernote( "insertImage", image );
        },
        error: function( data ) {
          console.log( data );
        }
    });
  }

enter image description here

Its not adding the laravel csrf token with the form data because still I am getting an error

TokenMismatchException in VerifyCsrfToken.php line 68

How to add the token with the form data?

Improve this question
2
  • What Laravel.csrfToken returns? Commented Nov 29, 2016 at 13:30
  • @SaumyaRastogi just the token string. Commented Nov 29, 2016 at 13:30

3 Answers 3

Reset to default
13

You should add a field named - _token, instead of csrfToken like this:

data.append( "_token", Laravel.csrfToken ); // <- adding csrf token

This is what Laravel's helper method - csrf_field() does.

According to Laravel Docs, in case of Ajax calls - you could, for example, store the token in a HTML meta tag::

<meta name="csrf-token" content="{{ csrf_token() }}">

and then include in your ajax header like this:

$.ajaxSetup({
   headers: {
       'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
   }
});

Hope this helps!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

For ajax requests, I like to set it up once with $.ajaxSetup.

In my layout:

<meta name="csrf-token" content="{{ csrf_token() }}">

In my app.js:

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

This saves me having to remember to append the _token input to every request.

Improve this answer

Comments

2

while @Saumya already answered this question, I use headers to send CSRF tokens like so:

$.ajax ({
  data: data,
  type: "POST",
  headers: {'X-CSRF-TOKEN': Laravel.csrfToken },
  url: "/article/store/image",
  cache: false,
  contentType: false,
  processData: false,
  success: function(url) {
    var image = IMAGE_PATH + url;
      $( '#editor' ).summernote( "insertImage", image );
    },
    error: function( data ) {
      console.log( data );
    }
});

If you are using ajax to send multiple requests throughout your application, you can set it up globally for every request at once:

$.ajaxSetup({
headers: {
    'X-CSRF-TOKEN': Laravel.csrfToken
}
});

Learn more Here

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.