i create project with laravel 12 and breeze & inertiajs - React mode

its Ok in localhost but when i push to production i cant send POST,PATCH,DELETE request get error: 419 Page Expired

i send _token from meta header tag

for example login Page:

    const {data, setData, post, processing, errors, reset} = useForm({
        email: '',
        password: '',
        remember: false as boolean,
        _token:  document.querySelector('meta[name="csrf-token"]')?.getAttribute('content'),
    });

    const submit: FormEventHandler = (e) => {
        e.preventDefault();
        post(route('login'), {
            onFinish: () => reset('password'),
        });
    };
}

Middleware

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web:      __DIR__ . '/../routes/web.php',
        commands: __DIR__ . '/../routes/console.php',
        health:   '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->web(append: [
                                     \App\Http\Middleware\HandleInertiaRequests::class,
                                     \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
                                 ]);

        //
    })
    ->withExceptions(function (Exceptions $exceptions) {
        $exceptions->respond(function (Response $response) {
            if ($response->getStatusCode() === 419) {
                return back()->with([
                                        'message' => 'The page expired, please try again.',
                                    ]);
            }

            return $response;
        });
    })->create();

Nginx config

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl-cert.pem;
    ssl_certificate_key /etc/nginx/ssl-privateKey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         'HIGH:!aNULL:!MD5';
    ssl_prefer_server_ciphers on;   
    server_name domain www.domain;

    root /var/www/domain/public;
    index index.php;

    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    } 

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
    }
    location ~ /\.ht {
                deny all;
        }
    

}

how can i fix this ?? please help

i try and search a lot but any one have this problem can`t find the sulution;

i create project with laravel 12 and breeze & inertiajs - React mode

its Ok in localhost but when i push to production i cant send POST,PATCH,DELETE request get error: 419 Page Expired

i send _token from meta header tag

for example login Page:

    const {data, setData, post, processing, errors, reset} = useForm({
        email: '',
        password: '',
        remember: false as boolean,
        _token:  document.querySelector('meta[name="csrf-token"]')?.getAttribute('content'),
    });

    const submit: FormEventHandler = (e) => {
        e.preventDefault();
        post(route('login'), {
            onFinish: () => reset('password'),
        });
    };
}

Middleware

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web:      __DIR__ . '/../routes/web.php',
        commands: __DIR__ . '/../routes/console.php',
        health:   '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->web(append: [
                                     \App\Http\Middleware\HandleInertiaRequests::class,
                                     \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
                                 ]);

        //
    })
    ->withExceptions(function (Exceptions $exceptions) {
        $exceptions->respond(function (Response $response) {
            if ($response->getStatusCode() === 419) {
                return back()->with([
                                        'message' => 'The page expired, please try again.',
                                    ]);
            }

            return $response;
        });
    })->create();

Nginx config

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl-cert.pem;
    ssl_certificate_key /etc/nginx/ssl-privateKey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         'HIGH:!aNULL:!MD5';
    ssl_prefer_server_ciphers on;   
    server_name domain www.domain;

    root /var/www/domain/public;
    index index.php;

    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    } 

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
    }
    location ~ /\.ht {
                deny all;
        }
    

}

how can i fix this ?? please help

i try and search a lot but any one have this problem can`t find the sulution;

• laravel
• inertiajs

Share Follow asked Mar 4 at 6:22 Mehrdad ShirvanMehrdad Shirvan 8722 silver badges1111 bronze badges 1

• 1. Check your session configuration In your .env file, make sure your session configuration is correct: SESSION_DRIVER=cookie SESSION_DOMAIN=localhost,and prod domain. – Ramil Huseynov Commented Mar 4 at 6:42

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

There is no Need to pass csrf token

Look : InertiaJS Docs

Laravel automatically includes the proper CSRF token when making requests via Inertia or Axios. However, if you're using Laravel, be sure to omit the csrf-token meta tag from your project, as this will prevent the CSRF token from refreshing properly.

If you do want to send manually (No need for this when laravel) :

Than this is the documented way :

import { router, usePage } from '@inertiajs/vue3'

const page = usePage()



_token: page.props.csrf_token,