419 Page Expired Popup
I am getting this popup with 419 page expire on edit page how to customize this popup or fix this issue. Session is not expired if i reload the page. This should not show this error 419. Its probally because of inactivity.
Solution:Jump to solution
I have fixed by modifing bootstrap\app.php
->withMiddleware(function (Middleware $middleware) {
$middleware->validateCsrfTokens(except: [
'livewire/*'
]);...
14 Replies
I don’t think that’s a filament thing.
I have never seen a 419 js alert. 😅
I have published the Laravel error pages i can customize the error but i m still not getting why is it showing if u are in other tabs for a while it will trigger i m on user edit page or any page when login is happening after some time
This not on Filament . If you install sanctum check your .env for session url domen or config/cros.php.
its default .env of laravel 11 with filament 3.2+
SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=null
i m not sure if i have to change some of these
is showing on filament admin routes
here is
default vendor cors.php
'paths' => ['api/', 'sanctum/csrf-cookie'],
'allowed_methods' => [''],
'allowed_origins' => [''],
'allowed_origins_patterns' => [],
'allowed_headers' => [''],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
Solution
I have fixed by modifing bootstrap\app.php
->withMiddleware(function (Middleware $middleware) {
$middleware->validateCsrfTokens(except: [
'livewire/*'
]);
})
I have the same problem but is this not a security issue?
i dont think that is the proper solution here
you shouldn't have to disable csrf for filament to function
What should I do then? I did the same and it works
do you have it all the time that 419? maybe the session domain is wrong
Yep I get it if I am logged in and doing nothing for hours. What I have to do if thats the case?
But as I see it's the same on the official demo page
ooh if u dont do anything with the app the session will expire
you can increase its lifetime in config/session.php
if you enable database notifications with polling then it should keep the session open for the lifetime of the browser
I mean I know that, the problem is the error which is popping up to the user
Maybe the user gets confused because of the expired error
Try to modify gc_maxlifetime in PHP.ini file, by default IS set to 1440 seconds, extend it to 7200 seconds