Post method results in error 419, page expired

[da40]

Describe the bug

This seems to be a very elegant solution to the localization problem, except that I can't get the post method to work. When I click the Submit button on a form, I get error 419, page expired.

To Reproduce

In my web.php file, I have:

Route::multilingual('message', 'SiteController@get_message');
Route::multilingual('message', 'SiteController@post_message')->method('post');

The implementations are in SiteController.php as follows:

public function get_message(Request $request)
{
    return view('message');
}

public function post_message(Request $request)
{
    \Log::debug('In post_message');
    return view('thanks');
}

This is the form in message.blade.php:

<form action="message">
      <label for="message">{{trans('forms.message')}}:</label><br>
      <input type="text" id="message" name="message"><br>
      <input type="submit" value="Submit" formmethod="post">
</form>

Expected behavior

I expected the contents of thanks.blade.php to be displayed.

Result of route:list:

+--------+----------+-------------+-------------+--------------------------------------------------+------------+
| Domain | Method   | URI         | Name        | Action                                           | Middleware |
+--------+----------+-------------+-------------+--------------------------------------------------+------------+
|        | GET|HEAD |             | en./        | Closure                                          | web        |
|        | GET|HEAD | /fr         | fr./        | Closure                                          | web        |
|        | GET|HEAD | api/user    |             | Closure                                          | api        |
|        |          |             |             |                                                  | auth:api   |
|        | GET|HEAD | fr/message  | fr.message  | App\Http\Controllers\SiteController@get_message  | web        |
|        | POST     | fr/message  | fr.message  | App\Http\Controllers\SiteController@post_message | web        |
|        | GET|HEAD | fr/news     | fr.news     | Closure                                          | web        |
|        | GET|HEAD | fr/produits | fr.products | App\Http\Controllers\SiteController@get_products | web        |
|        | GET|HEAD | message     | en.message  | App\Http\Controllers\SiteController@get_message  | web        |
|        | POST     | message     | en.message  | App\Http\Controllers\SiteController@post_message | web        |
|        | GET|HEAD | news        | en.news     | Closure                                          | web        |
|        | GET|HEAD | products    | en.products | App\Http\Controllers\SiteController@get_products | web        |
+--------+----------+-------------+-------------+--------------------------------------------------+------------+

Additional context

The same thing happens if the route is defined as:

Route::post('message', 'SiteController@post_message');

What am I doing wrong?

[chinleung]

Hi @DA40,

The error has nothing to do with the package. You are receiving the 419 because you are not passing the CRSF Token in your form.

Simply add the @csrf blade directive to your form like this:

<form action="message">
    @csrf
    <label for="message">{{ trans('forms.message') }}:</label><br>
    <input type="text" id="message" name="message"><br>
    <input type="submit" value="Submit" formmethod="post">
</form>

You can read more about CSRF protection here: https://laravel.com/docs/7.x/csrf#csrf-introduction

[da40]

Hi Chin Leung,

Thank you for letting me know the cause of the problem.

I had been struggling with the localization issue for a while, before discovering your solution, so knocked up a quick test site, before committing to using it. In doing so, I forgot to include @csrf, but was thrown by the obscure error message. I now feel confident to use your very elegant solution.

Best regards,

Keith MacDonald

[chinleung]

I had been struggling with the localization issue for a while, before discovering your solution, so knocked up a quick test site, before committing to using it. In doing so, I forgot to include @csrf, but was thrown by the obscure error message. I now feel confident to use your very elegant solution.

Thanks @DA40 ! Don't hesitate if you have any questions.

[da40]

Hi,

I was making good progress incorporating Multilingual Routes into my website, until I tried to modify routes such as:

Route::view('/addons/macros', ‘addons/template', ['menugroup' => 'download', 'page' => 'macros']);

Is it possible to pass Route::view’s optional third parameter (which I use to highlight the active parts of menus) to Route::multilingual? Otherwise, I suppose I can do it via a controller.

Thanks,

Keith MacDonald

[chinleung]

Is it possible to pass Route::view’s optional third parameter (which I use to highlight the active parts of menus) to Route::multilingual? Otherwise, I suppose I can do it via a controller.

At the current time, it is not possible. But I've opened an issue to add the possibility later on.

You can always use the controller or use the following alternative for the moment:

Route::multilingual('addons/macros')->view('addons/template')->defaults([
    'data' => [
        'menugroup' => 'download',
        'page' => 'macros',
    ],
]);

[da40]

That’s a shame, as I have 32 such routes, but thanks for the workaround.

[chinleung]

That’s a shame, as I have 32 such routes, but thanks for the workaround.

I've released a new version that will support passing data. You can have a look at this issue for more information.

[da40]

I’m impressed. You made that enhancement faster than I could modify my routes according to your workaround!

Thanks very much.