search

cydrobolt / polr

:aerial_tramway: A modern, powerful, and robust URL shortener
https://polrproject.org
GNU General Public License v2.0
4.99k stars 894 forks source link

TokenMismatchException in VerifyCsrfToken.php line 46 #332

Closed ezbakeapps closed 7 years ago

ezbakeapps commented 7 years ago

After completing the setup form, I get the "Whoops! Something went wrong" screen with the leading title as in the subject above.

Expected Behavior

I was expecting to be taken to my Polr home page.

It appears to be an issue with Laravel - which I am totally unfamiliar with. I have been through the documentation and reset permissions, etc. I just really don't know where to start for troubleshooting.

I have installed and uninstalled on multiple servers - both public (Dreamhost VPS) and private (LAMP) and get the same issue in all instances.

You can currently find it at http://vea.link.

Here is the entire error message. Anny assistance would be greatly appreciated!

TokenMismatchException in VerifyCsrfToken.php line 46: in VerifyCsrfToken.php line 46 at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 20 at VerifyCsrfToken->handle(object(Request), object(Closure)) at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124 at Pipeline->Illuminate\Pipeline{closure}(object(Request)) in ShareErrorsFromSession.php line 49 at ShareErrorsFromSession->handle(object(Request), object(Closure)) at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124 at Pipeline->Illuminate\Pipeline{closure}(object(Request)) in StartSession.php line 62 at StartSession->handle(object(Request), object(Closure)) at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124 at Pipeline->Illuminate\Pipeline{closure}(object(Request)) in EncryptCookies.php line 59 at EncryptCookies->handle(object(Request), object(Closure)) at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124 at Pipeline->Illuminate\Pipeline{closure}(object(Request)) at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103 at Pipeline->then(object(Closure)) in Application.php line 1451 at Application->sendThroughPipeline(array('Illuminate\Cookie\Middleware\EncryptCookies', 'Illuminate\Session\Middleware\StartSession', 'Illuminate\View\Middleware\ShareErrorsFromSession', 'App\Http\Middleware\VerifyCsrfToken'), object(Closure)) in Application.php line 1221 at Application->dispatch(null) in Application.php line 1161 at Application->run() in index.php line 28

cydrobolt commented 7 years ago

Can you share your current .env file?

ezbakeapps commented 7 years ago

I'm pretty sure it never gets that far as the env file contents are all defaults. Permissions are 755

APP_ENV=local
APP_DEBUG=true
APP_KEY=,faO^ofvGeJ8|Z.q{mWp=^i}Cmzj+k&K

APP_LOCALE=en
APP_FALLBACK_LOCALE=en

# DB_CONNECTION=mysql
# DB_HOST=localhost
# DB_PORT=3306
# DB_DATABASE=homestead
# DB_USERNAME=homestead
# DB_PASSWORD=secret

CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=file

VERSION=2.1.1
VERSION_RELMONTH=December
VERSION_RELDAY=9
VERSION_RELYEAR=2016
cydrobolt commented 7 years ago

Does the storage folder within your Polr folder have proper permissions? Does the Apache/PHP-FPM server have write permissions on the folder? You should set permissions recursively on the folder.

Can you do ls -lah on your Polr folder and inside your storage folder?

ezbakeapps commented 7 years ago

I believe the permission are correct - here is the polr folder: total 240K drwxr-xr-x 13 veanea pg5030192 4.0K Mar 9 09:05 . drwx--x--- 14 veanea adm 4.0K Mar 9 07:38 .. -rwxr-xr-x 1 veanea pg5030192 371 Mar 9 09:05 .env -rw-r--r-- 1 veanea pg5030192 371 Mar 8 09:01 .env.setup drwxr-xr-x 2 veanea pg5030192 64 Mar 8 09:01 .github -rw-r--r-- 1 veanea pg5030192 79 Mar 8 09:01 .gitignore -rw-r--r-- 1 veanea pg5030192 23 Mar 8 09:01 .jshintrc -rw-r--r-- 1 veanea pg5030192 244 Mar 8 09:01 .travis.yml -rw-r--r-- 1 veanea pg5030192 18K Mar 8 09:01 LICENSE -rw-r--r-- 1 veanea pg5030192 3.1K Mar 8 09:01 README.md drwxr-xr-x 12 veanea pg5030192 4.0K Mar 8 09:01 app -rw-r--r-- 1 veanea pg5030192 1.1K Mar 8 09:01 artisan drwxr-xr-x 2 veanea pg5030192 28 Mar 8 09:01 bootstrap -rw-r--r-- 1 veanea pg5030192 854 Mar 8 09:01 composer.json -rw-r--r-- 1 veanea pg5030192 152K Mar 9 07:41 composer.lock drwxr-xr-x 5 veanea pg5030192 67 Mar 8 09:01 database drwxr-xr-x 6 veanea pg5030192 125 Mar 8 09:01 docs -rw-r--r-- 1 veanea adm 0 Mar 8 08:52 favicon.gif -rw-r--r-- 1 veanea adm 0 Mar 8 08:52 favicon.ico -rw-r--r-- 1 veanea pg5030192 549 Mar 8 09:01 mkdocs.yml -rw-r--r-- 1 veanea pg5030192 1022 Mar 8 09:01 phpunit.xml drwxr-xr-x 6 veanea pg5030192 4.0K Mar 9 07:00 public drwxr-xr-x 4 veanea pg5030192 41 Mar 8 09:01 resources -rw-r--r-- 1 veanea pg5030192 424 Mar 8 09:01 server.php drwxr-xr-x 5 veanea pg5030192 59 Mar 8 09:01 storage drwxr-xr-x 2 veanea pg5030192 4.0K Mar 8 09:01 tests drwxr-xr-x 2 veanea pg5030192 62 Mar 8 09:01 util drwxrwxr-x 30 veanea pg5030192 4.0K Mar 9 07:41 vendor

And the Storage Folder

total 4.0K drwxr-xr-x 5 veanea pg5030192 59 Mar 8 09:01 . drwxr-xr-x 13 veanea pg5030192 4.0K Mar 9 09:05 .. drwxr-xr-x 2 veanea pg5030192 31 Mar 8 09:01 app drwxr-xr-x 5 veanea pg5030192 61 Mar 8 09:01 framework drwxr-xr-x 2 veanea pg5030192 51 Mar 9 08:52 logs

cydrobolt commented 7 years ago

Is veanea the user Apache is running under? Can you make sure?

cydrobolt commented 7 years ago

Can you try editing your .env file and setting SESSION_DRIVER=cookie and seeing if you can submit the form correctly?

ezbakeapps commented 7 years ago

I verified that Apache is running under veanea. Also, setting the SESSION_DRIVER to cookie had no effect. Same error. When I search for "TokenMismatchException in VerifyCsrfToken.php line 46" , do see some "solutions" but I have no idea if they pertain or where to implement them.

https://laravel.io/forum/11-14-2014-laravel-5-cant-post, https://teamtreehouse.com/community/laravel-5-tokenmismatchexception-in-verifycsrftokenphp-line-46

ezbakeapps commented 7 years ago

So I rebuilt a local LAMP server and installed the latest version of Polr from scratch and was able to get it to function - no clue what was different. So I created a new folder on my host and pointed vea.link there and reinstalled Polr from scratch there - but I still get the same error. Must be something with my host? Installing composer on my host seems to go fine, there is just one warning about json already being installed...

curl -sS https://getcomposer.org/installer | php PHP Warning: Module 'json' already loaded in Unknown on line 0 All settings correct for using Composer Downloading...

Composer (version 1.4.1) successfully installed to: /home/veanea/vea.link2/compo ser.phar Use it: php composer.phar

[ps563479]$ php composer.phar install --no-dev -o PHP Warning: Module 'json' already loaded in Unknown on line 0 Loading composer repositories with package information Installing dependencies from lock file Package operations: 68 installs, 0 updates, 0 removals

cydrobolt commented 7 years ago

That's really weird! I can't manage to reproduce the error you're seeing on Fedora 25 + PHP 7.0 nor on Ubuntu 14.04 LTS + PHP 5.5.9. What OS and version of PHP are you running? Is your local LAMP server running the same versions of software as your host?

nekloth commented 6 years ago

I got the same error, running on RPi.

I set up the right to 777 on storage folder (even if owner:group is set to www-data:www-data).

I also set up SESSION_DRIVER=cookie (no effect).

user@RPi:/var/www/polr $ php -v
PHP 7.0.19-1 (cli) (built: May 11 2017 14:04:47) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.19-1, Copyright (c) 1999-2017, by Zend Technologies

Any idea on how to solve that?

Thanks. Nekloth

sndrr commented 6 years ago

@nekloth And your disk has free space (where the www-folder is)?

From one of the mentioned links:

I was getting this message because my disk was out of space. df -H pointed this out but not until a lot of other debugging.

When the disk is full laravel can't save the updated csrf token but return it to the browser where it is then used.

nekloth commented 6 years ago

Thanks for the help.

Folder is on fresh new installation using a 250Gb hard-drive. Plenty of free space then...

Any other clue ?

urbels commented 5 years ago

I have the same issue after updating my polr. Did not update for a while. Anyone managed to get rid off that error without reinstalling it completely?

cydrobolt commented 5 years ago

@urbels were you able to solve the issue? If updating your code caused the issue, you could try to git checkout a commit that worked for you. Without more information, I can't tell what specifically is causing your issue.

urbels commented 5 years ago

@cydrobolt No, its still broken and yes, before update it worked. Also I dont remember what was the commit that worked because it was a while ago. Its no so important also as I used that shortener only for myself.

urbels commented 5 years ago

I found this https://laravel.com/docs/5.0/routing#csrf-protection

And it seems that this meta tag is not used in polr.

deshiloh commented 5 years ago

I have the same error... someone find the solution ?

urbels commented 5 years ago

No luck