I have faced the same issue and I could solve it by just adding the following package on top: "Spatie\Permission\PermissionServiceProvider::class,"

just add {{ csrf_field() }} to your form block and it will save you lot of time

<form action="{{ route('signup') }}" method="post" class="form-signin">
{{ csrf_field() }}
...
</form>

put <meta name="csrf_token" content="{{ csrf_token() }}"> so token is always available and use that with your AJAX request: ex:

var csrftoken =  (function() {
var metas = window.document.getElementsByTagName('meta');
for(var i=0 ; i < metas.length ; i++) {
    if ( metas[i].name === "csrf-token") {
        return  metas[i].content;
    }
}})();

When I realized this was only happening in IE and Chrome, but not Firefox, it led me to the fix. The app was using AddThis share buttons and the javascript was adding an iframe to the pages. This issue is resolved by adding a P3P header to the VerifyCsrfToken Middleware. Hope this saves somebody the hours I lost.

public function handle($request, Closure $next)
    {
        $response = $next($request);

        if (last(explode('\\',get_class($response))) != 'RedirectResponse') {
            $response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
        }

        return $response;
    }

For anyone, who is facing this issue in spite of adding {{ csrf_field() }} in the form field and even by adding this in the head tag <meta name="csrf-token" content="{{ csrf_token() }}">

The issue is with writing in the storage because of not adding your current user on Linux in the right group. Make sure to add your current user to www-data group. Write this command

sudo chown -R :www-data /path/to/laravel-folder

Make sure to give right permission to storage folder as well in the laravel app.

sudo chmod -R 775 /path/to/laravel-folder/storage

I hope this helps.