1

I'm developing a REST API in Laravel with the Sanctum middleware for authentication. I'm using Postman for testing and it's all OK, especially on login.

But meanwhile, I'm already trying to develop documentation for my API (it's my final project at university) and I'm using Scribe (https://scribe.knuckles.wtf/laravel) for that. Scribe has a functionality that permits you to "Try it out" on the API endpoints.

All "GET" endpoints are OK, but the "POST" login endpoint is giving a "CSRF token mismatch" error:

{
"message": "CSRF token mismatch.",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
"file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
"line": 227,
"trace": [
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.php",
        "line": 199,
        "function": "prepareException",
        "class": "Illuminate\\Foundation\\Exceptions\\Handler",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\app\\Exceptions\\Handler.php",
        "line": 59,
        "function": "render",
        "class": "Illuminate\\Foundation\\Exceptions\\Handler",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Pipeline.php",
        "line": 51,
        "function": "render",
        "class": "App\\Exceptions\\Handler",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 172,
        "function": "handleException",
        "class": "Illuminate\\Routing\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Session\\Middleware\\StartSession.php",
        "line": 116,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Session\\Middleware\\StartSession.php",
        "line": 62,
        "function": "handleStatefulRequest",
        "class": "Illuminate\\Session\\Middleware\\StartSession",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Session\\Middleware\\StartSession",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse.php",
        "line": 37,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Cookie\\Middleware\\EncryptCookies.php",
        "line": 67,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Cookie\\Middleware\\EncryptCookies",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\sanctum\\src\\Http\\Middleware\\EnsureFrontendRequestsAreStateful.php",
        "line": 26,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 149,
        "function": "Laravel\\Sanctum\\Http\\Middleware\\{closure}",
        "class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 103,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\sanctum\\src\\Http\\Middleware\\EnsureFrontendRequestsAreStateful.php",
        "line": 34,
        "function": "then",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 103,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
        "line": 687,
        "function": "then",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
        "line": 662,
        "function": "runRouteWithinStack",
        "class": "Illuminate\\Routing\\Router",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
        "line": 628,
        "function": "runRoute",
        "class": "Illuminate\\Routing\\Router",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
        "line": 617,
        "function": "dispatchToRoute",
        "class": "Illuminate\\Routing\\Router",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
        "line": 165,
        "function": "dispatch",
        "class": "Illuminate\\Routing\\Router",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 128,
        "function": "Illuminate\\Foundation\\Http\\{closure}",
        "class": "Illuminate\\Foundation\\Http\\Kernel",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.php",
        "line": 21,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.php",
        "line": 21,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize.php",
        "line": 27,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode.php",
        "line": 63,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\fruitcake\\laravel-cors\\src\\HandleCors.php",
        "line": 52,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Fruitcake\\Cors\\HandleCors",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\fideloper\\proxy\\src\\TrustProxies.php",
        "line": 57,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 167,
        "function": "handle",
        "class": "Fideloper\\Proxy\\TrustProxies",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
        "line": 103,
        "function": "Illuminate\\Pipeline\\{closure}",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
        "line": 140,
        "function": "then",
        "class": "Illuminate\\Pipeline\\Pipeline",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
        "line": 109,
        "function": "sendRequestThroughRouter",
        "class": "Illuminate\\Foundation\\Http\\Kernel",
        "type": "->"
    },
    {
        "file": "C:\\laragon\\www\\dbgep-api\\public\\index.php",
        "line": 55,
        "function": "handle",
        "class": "Illuminate\\Foundation\\Http\\Kernel",
        "type": "->"
    }
]

}

I already tried changing some Scribe options, but with no success.

I noticed that in my Postman testing I have an XSRF cookie, which is probably the key to there being no error in Postman (I confess that this project is a challenge and I am learning many things and don't know other things), but I don't know how to configure Scribe to replicate this.

If anyone could help me I would be grateful. Sorry about my English.

2 Answers

2

I encountered the same problem with Laravel Sanctum and Scribe, and finally found the solution in the documentation.

If you're using Sanctum with Scribe, you have to set:

config/scribe.php

'use_csrf' => true, // default false

0

Meanwhile, I created another "window" on Postman, and I didn't have to define any cookie "xsrf", and login works very well:

So, the problem is elsewhere.

1 Comment

Have you found a solution yet? Using VerifyCsrfToken protected $except = [] adding my route didn't work for me. Also tried VsCode Thunder extension, same result.
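
Why the login passes in Postman but fails from Scribe's "Try it out", and what a browser client has to send once CSRF handling is enabled, as an added example (not code from the posts, Sanctum or Scribe). `isStatefulRequest` is a simplified model of the check made by the `EnsureFrontendRequestsAreStateful` middleware seen in the stack trace; `STATEFUL_DOMAINS` and the `/api/login` path are assumptions.

```javascript
// Constructed stand-in for the 'stateful' list in config/sanctum.php.
const STATEFUL_DOMAINS = ['localhost', '127.0.0.1:8000'];

// Simplified model: session + CSRF middleware only apply when the
// Referer/Origin header names a stateful domain.
function isStatefulRequest(headers, statefulDomains = STATEFUL_DOMAINS) {
  const source = headers.referer || headers.origin;
  if (!source) return false; // e.g. Postman sends neither header by default
  let host;
  try { host = new URL(source).host; } catch { return false; }
  return statefulDomains.includes(host);
}

// Extract the XSRF-TOKEN cookie; Laravel URL-encodes its value.
function xsrfTokenFromCookies(cookieString) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === 'XSRF-TOKEN') {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// fetch() options for a state-changing request from a stateful origin.
function buildPostOptions(cookieString, payload) {
  const token = xsrfTokenFromCookies(cookieString);
  if (token === null) {
    throw new Error('No XSRF-TOKEN cookie: GET /sanctum/csrf-cookie first');
  }
  return {
    method: 'POST',
    credentials: 'include', // send the session and XSRF-TOKEN cookies
    headers: {
      'Accept': 'application/json',
      'Content-Type': 'application/json',
      'X-XSRF-TOKEN': token, // checked against the session by the CSRF middleware
    },
    body: JSON.stringify(payload),
  };
}

// Browser flow: prime the cookie, then POST (/api/login is a hypothetical route).
async function login(baseUrl, payload) {
  await fetch(`${baseUrl}/sanctum/csrf-cookie`, { credentials: 'include' });
  return fetch(`${baseUrl}/api/login`, buildPostOptions(document.cookie, payload));
}
```

This keeps CSRF verification enabled for browser-originated requests instead of exempting the login route.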
