Using Laravel, I created an app to summarize and chat with YouTube videos. Check it out!
Benjamin Crozat
Laravel Security

Here's how to fix the "419 Page Expired" error in Laravel

Benjamin Crozat
Modified on Aug 12, 2023 0 comments Edit on GitHub
Here's how to fix the "419 Page Expired" error in Laravel

Introduction to the “419 Page Expired” error in Laravel

Have you ever encountered the “Page Expired” error with the HTTP code 419 in your Laravel applications?

It’s often a simple issue related to CSRF (Cross-Site Request Forgery) tokens.

Let’s see what it means and how to fix it.

Why “419 Page Expired” happens and how to fix it

In your Laravel 8, 9, or 10 applications, whatever the version you are running is, you have likely used the @csrf directive in your forms.

This directive generates a hidden input field containing a CSRF token, which is included when submitting the form.

This token confirms that the form is being submitted from your application and not by a third party.

Errors like the “419 Page Expired” occur when the CSRF token is mismatched. This can happen for various reasons:

  • Sometimes, you let the page open for too long (a login page for instance), and the token expires, which is good. Just click the refresh button in your browser and re-send the form.
  • Or it might be because you forgot to include the @csrf directive in your form. This is problematic because, by default, Laravel expects the CSRF token to be present thanks to the VerifyCsrfToken middleware that filters the requests.

Learn more on Laravel’s documentation about Cross-Site Request Forgery protection.

Disable CSRF protection on some pages to avoid the “419 Page Expired” error

Occasionally, you may want to disable CSRF protection on some pages and kill those “419 Page Expired” errors.

Instead of removing the middleware from the kernel, specify which pages you want to exclude from being protected.

In app/Http/Middleware/VerifyCsrfToken.php:

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array<int, string>
     */
    protected $except = [
        '/some-page',
        '/some-other-page',
    ];
}

Wait, there's more!

Be the first to comment!

Get help or share something of value with other readers!

Great deals for enterprise developers
  • ZoneWatcher
    Get instant alerts on DNS changes across all major providers, before your customers notice.
    25% off for 12 months using the promo code CROZAT.
    Try ZoneWatcher for free
  • Quickly build highly customizable admin panels for Laravel projects.
    20% off on the pro version using the promo code CROZAT.
    Try Backpack for free
  • Summarize and talk to YouTube videos. Bypass ads, sponsors, chit-chat, and get to the point.
    Try Nobinge →
  • Monitor the health of your apps: downtimes, certificates, broken links, and more.
    20% off the first 3 months using the promo code CROZAT.
    Try Oh Dear for free
  • Keep the customers coming; monitor your Google rankings.
    30% off your first month using the promo code WELCOME30
    Try Wincher for free →
The latest community links
- / -