F
Filament2w ago
Alan Lima

419 CSRF Error on Livewire after migrating from Laravel 9 + Filament 2 to Laravel 11 + Filament 3

What I am trying to do: I'm migrating an existing project from Laravel 9 + Filament 2 to Laravel 11 + Filament 3. After the migration, I can see the login page, but when I try to log in, it refreshes and shows a 419 error on the Livewire POST request. PHP 8.2.12. What I did: 1. Upgraded Laravel from 9 to 11 2. Upgraded Filament from 2 to 3 3. Updated composer.json: - laravel/framework: ^11.0 - filament/filament: ^3.0 - laraveldaily/laravel-invoices: ^4.0 4. Updated app/Models/User.php: 
   public function canAccessPanel(Panel $panel): bool
   {
       return $this->status == 1;
   }
   public function canAccessPanel(Panel $panel): bool
   {
       return $this->status == 1;
   }
5. Fixed AdminPanelProvider.php to use correct resource paths and added ->login() 6. Added livewire/* to CSRF exceptions in app/Http/Middleware/VerifyCsrfToken.php 7. Added 'XSRF-TOKEN' to app/Http/Middleware/EncryptCookies.php exceptions 8. Set SESSION_DOMAIN=127.0.0.1 and SESSION_SECURE_COOKIE=false in .env 9. Removed the old app/Http/Kernel.php 10. Cleared all caches, restarted the server, cleared browser cache/cookies My issue/the error: When I click the login button with correct credentials, the page refreshes and I get this error in the browser console: POST http://127.0.0.1:8000/livewire/update 419 (unknown status) The browser shows "This page has expired. Would you like to refresh the page?" Code: 
>middleware([
    EncryptCookies::class,
    AddQueuedCookiesToResponse::class,
    StartSession::class,
    AuthenticateSession::class,
    ShareErrorsFromSession::class,
    SubstituteBindings::class,
    DisableBladeIconComponents::class,
    DispatchServingFilamentEvent::class,
], isPersistent: true)
>middleware([
    EncryptCookies::class,
    AddQueuedCookiesToResponse::class,
    StartSession::class,
    AuthenticateSession::class,
    ShareErrorsFromSession::class,
    SubstituteBindings::class,
    DisableBladeIconComponents::class,
    DispatchServingFilamentEvent::class,
], isPersistent: true)
app/Http/Middleware/VerifyCsrfToken.php: 
protected $except = [
    'livewire/*',
];

protected $addHttpCookie = true;
protected $except = [
    'livewire/*',
];

protected $addHttpCookie = true;
` app/Http/Middleware/EncryptCookies.php: 
protected $except = [
    'XSRF-TOKEN',
];
protected $except = [
    'XSRF-TOKEN',
];
The CSRF token is present in the session and in the Livewire script tag (data-csrf), but the POST request still fails with 419.
No description
No description
1 Reply
toeknee
toeknee2w ago
On the red (failed) update record what is the response.

Did you find this page helpful?