Looking to fix the “TokenMismatchException in VerifyCsrfToken.php” error in Laravel? You’ve come to the right place as this tutorial explores some of the ways in which the TokenMismatchException error can be fixed.

Cross-site request forgeries (CSRF) are unauthorized actions that are performed on behalf of authenticated users of an application. Laravel offers CSRF protection in order to protect applications from these kinds of malicious exploits.

For each active user session, Laravel generates a token which verifies that the requests coming into an application have been sent by an authenticated user and not someone who’s pretending to be the concerned user.

When it comes to CSRF protection, a common error that Laravel developers face is the “TokenMismatchException in VerifyCsrfToken.php” error. In this tutorial, we’ll show you several solutions for fixing this error.

How to Fix “TokenMismatchException in VerifyCsrfToken.php” error in Laravel

1. Add a hidden CSRF field to HTML form

If you’re getting the TokenMismatchException after submitting an HTTP POST request via an HTML form, then chances are that you haven’t added a CSRF token field. This field carries a token that is used by Laravel to verify the authenticity of requests and prevent cross-site request forgeries.

Here’s how you can add a hidden CSRF token field to a form:

<form method="POST" action="/register">
    {{ csrf_field() }}
</form>

The csrf_field() function in the above example automatically adds a hidden field to the form containing a token that will be sent with every request submitted by the form. Laravel uses this token to prevent CSRF exploits by verifying that it matches the token stored in the session.

2. X-CSRF-TOKEN

If you’re sending an HTTP POST request using a library, such as by using jQuery’s AJAX function, then you have to add X-CSRF-TOKEN to your request headers.

First, add the following meta tag to HTML:

<meta name="csrf-token" content="{{ csrf_token() }}">

Next, attach the token to the X-CSRF-TOKEN request header:

// Register the header once; jQuery then sends it with every later AJAX request.
$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});
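The same header can be attached without jQuery. The following is an added example, not code from the original tutorial or from Laravel: a fetch wrapper that reads the token from the meta tag above and sends X-CSRF-TOKEN only on same-origin, state-changing requests, so the token is never sent to another site. The names csrfHeaders and csrfFetch are hypothetical, and options.headers is assumed to be a plain object.

```javascript
// Added example (not from the original tutorial). Function names are hypothetical.
// Methods that do not change state; these are sent without a token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Decide which extra headers a request needs.
//   method     - HTTP verb of the outgoing request
//   url        - target URL, absolute or relative to the page
//   pageOrigin - origin of the page, e.g. window.location.origin
//   token      - value of <meta name="csrf-token">, or null if the tag is missing
function csrfHeaders(method, url, pageOrigin, token) {
    const verb = String(method || 'GET').toUpperCase();
    if (SAFE_METHODS.has(verb)) {
        return {};
    }
    // Resolve relative URLs against the page so "/register" counts as same-origin.
    const target = new URL(url, pageOrigin);
    if (target.origin !== new URL(pageOrigin).origin) {
        return {}; // never send the session's token to a different origin
    }
    if (!token) {
        // Fail in the browser with a clear message instead of a server-side
        // TokenMismatchException.
        throw new Error('csrf-token meta tag is missing or empty');
    }
    return { 'X-CSRF-TOKEN': token };
}

// Browser-only wrapper around fetch() that applies csrfHeaders().
function csrfFetch(url, options = {}) {
    const meta = document.querySelector('meta[name="csrf-token"]');
    const token = meta ? meta.getAttribute('content') : null;
    const extra = csrfHeaders(options.method, url, window.location.origin, token);
    return fetch(url, {
        ...options,
        credentials: 'same-origin', // send the session cookie with the request
        headers: { ...(options.headers || {}), ...extra },
    });
}
```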

3. Exclude a URI From CSRF Protection

There are times when you want to bypass Laravel’s CSRF protection for specific URIs. Luckily, it’s quite easy to achieve this in Laravel. To do so, you have to add the URIs to the $except property of the VerifyCsrfToken middleware. This is located in app/Http/Middleware/VerifyCsrfToken.php.

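<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    // URIs listed here skip CSRF verification entirely.
    protected $except = [
        'api/*',
        'test/register',
    ];
}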

Although this seems to be an easy fix, Laravel does not check the token at all on excluded routes, so you should only use this method if you are not concerned about CSRF protection for those routes of your application.

Wrap Up

These are some of the ways in which you can fix the “TokenMismatchException in VerifyCsrfToken.php” error in Laravel. This is a common error that most Laravel developers face. Fortunately, you can fix the problem easily using the solutions mentioned in this tutorial.

If you wish to learn more about Laravel, you can check out our collection of Laravel Tutorials available for free or head to the official Laravel documentation website.