Tuesday, 5 April 2016

Laravel 5 Form Posting gives 403 Error

I have a form which is populated and submitted by JavaScript. The form is built by Laravel Form Builder. Here is the code for the form:

{!!Form::open(['url' => URL::to('billing/payments', array(), true ), 'id' => 'frmRebill'])!!}
    {!!Form::hidden('plan', '', ['id' => 'plan'])!!}
    {!!Form::hidden('annual', '', ['id' => 'annual'])!!}
{!!Form::close()!!}

If the form is accessed from http://ift.tt/25JbzNV and submitted to http://ift.tt/1RLTHIO or http://ift.tt/25JbCcB, it works fine.

But when the form is accessed from http://ift.tt/1RLTHIS and submitted to http://ift.tt/1RLTHIO, it gives the 403 error.

I'm using Nginx. Here is the Nginx virtual host file:

server {
    listen 80;
    server_name server.com;
    charset utf-8;
    sendfile off;
    client_max_body_size 10m;
    index index.php;

    error_log /var/log/nginx/error.log debug;
    access_log /var/log/nginx/access.log;

    root /var/www/server/public;

    location /ping.html {
        return 200 'pong';
    }

    location ~ ^/billing/(.+(?:css|js|woff|woff2|ttf))$ {
        alias /var/www/billing/public/$1;
        access_log off;
    }

    #billing code in laravel5
    location /billing/ {

        error_log /var/log/nginx/mkj-error.log debug;

        alias /var/www/billing/public;
        ## Check for file existing and if there, stop ##
        if (-f $request_filename) {
            break;
        }

        ## Check for file existing and if there, stop ##
        if (-d $request_filename) {
            break;
        }
        index index.php;
        try_files $uri $uri/ @billing;
    }
    location @billing {
        rewrite /billing/(.*)$ /billing/index.php?/$1 last;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        set $php_root /var/www/s/public;
        if ($request_uri ~ /billing) {
            set $php_root /var/www/billing/public;
        }
        fastcgi_param PATH_TRANSLATED $php_root/index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param REMOTE_ADDR $http_x_real_ip;
        include fastcgi_params;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_read_timeout 120;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }


    location ~ /\.ht {
        deny all;
    }
}    

Note: the CSRF token generated by the form is also the same as the one saved in the session. Can someone please figure out what the problem is and what the solution is?



via Chebli Mohamed
