I have multiple Laravel sites hosted on the same server. With the latest site I've created, the contact form refuses to submit without throwing a 419 error. I have set up the routing in my web.php file just like the other websites, which have live, working contact forms, and I'm generating and sending the token exactly the same way - with {{ csrf_field() }}.

I found an answer to a similar question stating that you can disable Csrf checking by adding entries to the $except array in app/Http/Middleware/VerifyCsrfToken.php. I have verified that this does indeed resolve the 419 error:

protected $except = [
    'contact',
    'contact*',
];

But of course I wish to keep the Csrf functionality, and I only updated the $except array for troubleshooting value.

Does anyone know what may be different about the new Laravel environment that would have this 419 behavior despite passing the generated token? I have tried updating a number of ENV settings and toggling different things, but nothing other than modifying the $except array has had any influence on the issue.

Update

Since there has been a bit of discussion so far, I figured I'd provide some additional info and code.

First, this is an ajax form, but don't jump out of your seat just yet. I have been testing the form both with and without ajax. If I want to test with ajax, I just click the button that's hooked up to the jQuery listener. If not, I change or remove the button's ID, or run $("#formName").submit(); in the console window.

The above (ajax, old-fashioned submit, and the jquery selector with .submit();) all result in the exact same response - a 419 error.

And for the sake of completeness, here's my ajax code which is working on all of the other websites I'm hosting. I define a postData array to keep it all tidy, and I added a console.log() statement directly after it to (again) confirm that token is generated just fine and is being passed correctly with the request.

var postData = {

    name: $("#name").val(),
    email: $("#email").val(),
    message: $("#message").val(),

    _token: $("input[name=_token]").val()

};

console.log(postData);


$.post("/contact", postData, function (data) {

...

Any ideas? Could there be a configuration issue with my ENV or another file?

Progress Update!

Because the other sites are working just fine, I cloned an old site and simply overwrote the files that I changed for the new website, and bam! It's working now. Doing a little bit more digging, I ran php artisan --version on the cloned version of the site versus the non-working version, and here are the results:

Working Version: Laravel Framework 5.7.3

Non-working Version: Laravel Framework 5.7.9

Perhaps this is a bug with Laravel? Or perhaps some packages on my server are out of date and need to be updated to work with the new version of Laravel?

just found your issue on the framework repo. It is not a laravel issue, your installation is missing write permissions on the storage folder, thus laravel can't write session, logs, etc.

You get a 419 error because you can't write to the files, thus you can't create a sessionn, thus you can't verify the csrf token.

Quick fix: chmod -R 777 storage

Right fix: move your installation to a folder where nginx/apache/your user can actually write. If you are using nginx/apache, move you app there and give the right permissions on the project (chown -R www-data: /path-to-project) If you are using php artisan serve, change it's permissions to your user: chown -R $(whoami) /path-to-project

You get it, let writers write and you're good.

Check out my answer to this question if it would be of help to what you are trying to achieve Form post request return error 419 unknown status laravel

run this command php artisan key:generate

test this code

Route::get('/contact', [
   'uses' => 'ContactController@index',
   'nocsrf' => true,
]);
Route::post('/contact', [
   'uses' => 'ContactController@contactSubmit',
   'nocsrf' => true,
]);

or you can delete hole csrf

protected $except = [
    '*'
];