$.ajax gets a 419 only in safari, works fine with chrome and FF

I have a ajax call on a laravel blade page. This ajax call works find on Chrome and FF but fails with a 419 every time when using safari. I have tried all the solutions mentioned in different threads on stack.

my latest iteration of the code looks like the following code below. (it is posting after getting a message from an iframe)

    <script type="text/javascript">
    window.addEventListener('message', function messageListener(event) {
        var iframeUrl = "{{ Config::get('app.nexio_url')}}";
        var token = "<?php echo session('_token'); ?>";
        if (event.origin === iframeUrl) {
            console.log('------->event.data', event.data);
            console.log('------->', '{{csrf_token()}}');
            if(event.data.event === 'processed'){
                $.ajax({
                  type: "POST",
                  url: "pay/paynow-nexio",
                  data: {'payment_data':event.data.data.id, '_token':'{{csrf_token()}}', 'response':event.data.data},
                  cache: false,
                  success: function(data){
                     if(data != '')
                     {
                        window.location.href = data;
                     }
                  }
                });
            }
        }
    });

</script>

JavaScript
​x
 
    <script type="text/javascript">    window.addEventListener('message', function messageListener(event) {        var iframeUrl = "{{ Config::get('app.nexio_url')}}";        var token = "<?php echo session('_token'); ?>";        if (event.origin === iframeUrl) {            console.log('------->event.data', event.data);            console.log('------->', '{{csrf_token()}}');            if(event.data.event === 'processed'){                $.ajax({                  type: "POST",                  url: "pay/paynow-nexio",                  data: {'payment_data':event.data.data.id, '_token':'{{csrf_token()}}', 'response':event.data.data},                  cache: false,                  success: function(data){                     if(data != '')                     {                        window.location.href = data;                     }                  }                });            }        }    });​</script>​

I even tried adding

$.ajaxSetup({
      headers: { 'X-CSRF-Token' : '{{csrf_token()}}' }
});

JavaScript
 
$.ajaxSetup({      headers: { 'X-CSRF-Token' : '{{csrf_token()}}' }});​

I am at a loss at what to try next. thanks for any help at all

from the dev tools

Summary
URL: https://domain.dev/pay/paynow-nexio
Status: 419 unknown status
Source: Network
Initiator: 
jquery-1.9.1.min.js:5:17824


Request
POST /pay/paynow-nexio HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate, br
Host: domain.dev
Origin: https://domain.dev
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15
Referer: https://domain.dev/create-transaction
Content-Length: 5742
Connection: keep-alive
Cookie: laravel_session=EhFPvHN4zrpKASQTjBvHkbIytClmZ1RoAsUhGOip; XSRF-TOKEN=eyJpdiI6IllFakhzK1pkMjVyVE9QYTlDL2tZcVE9PSIsInZhbHVlIjoiQll1SjZpbU9aWVkvTUN4cldLWGI1akpTaFNWYVJpWWR4b1JzNFJvY0pGbWg4dEp3dVU4RTRFTGozcmZtc2k4eiIsIm1hYyI6ImRiNDRmN2QyNWJlNGNmODhjMGE0YTM2OTFhMWMzYzBmZWFjYzkxY2Q0Zjk5OWM2MjY3ODk4ZGNlMWM0YzEwZTUifQ%3D%3D
X-Requested-With: XMLHttpRequest
X-CSRF-Token: UBLZCBfBJwMOdieJZzEl09k2OBgwkBnG7pZchjW7

Response
HTTP/1.1 419 unknown status
Set-Cookie: laravel_session=EhFPvHN4zrpKASQTjBvHkbIytClmZ1RoAsUhGOip; expires=Fri, 20-Aug-2021 03:35:51 GMT; Max-Age=604800; path=/; domain=domain.dev; httponly; samesite=lax
Content-Type: application/json
Keep-Alive: timeout=5, max=100
Date: Fri, 13 Aug 2021 03:35:50 GMT
Content-Length: 41
Cache-Control: no-cache, private
Connection: Keep-Alive
Server: Apache/2.4.38 (Debian)
X-Powered-By: PHP/7.3.29

Request Data
MIME Type: application/x-www-form-urlencoded; charset=UTF-8
_token: UBLZCBfBJwMOdieJZzEl09k2OBgwkBnG7pZchjW7
---rest of form post data ---

JavaScript
 
SummaryURL: https://domain.dev/pay/paynow-nexioStatus: 419 unknown statusSource: NetworkInitiator: jquery-1.9.1.min.js:5:17824​​RequestPOST /pay/paynow-nexio HTTP/1.1Content-Type: application/x-www-form-urlencoded; charset=UTF-8Accept: */*Accept-Language: en-usAccept-Encoding: gzip, deflate, brHost: domain.devOrigin: https://domain.devUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15Referer: https://domain.dev/create-transactionContent-Length: 5742Connection: keep-aliveCookie: laravel_session=EhFPvHN4zrpKASQTjBvHkbIytClmZ1RoAsUhGOip; XSRF-TOKEN=eyJpdiI6IllFakhzK1pkMjVyVE9QYTlDL2tZcVE9PSIsInZhbHVlIjoiQll1SjZpbU9aWVkvTUN4cldLWGI1akpTaFNWYVJpWWR4b1JzNFJvY0pGbWg4dEp3dVU4RTRFTGozcmZtc2k4eiIsIm1hYyI6ImRiNDRmN2QyNWJlNGNmODhjMGE0YTM2OTFhMWMzYzBmZWFjYzkxY2Q0Zjk5OWM2MjY3ODk4ZGNlMWM0YzEwZTUifQ%3D%3DX-Requested-With: XMLHttpRequestX-CSRF-Token: UBLZCBfBJwMOdieJZzEl09k2OBgwkBnG7pZchjW7​ResponseHTTP/1.1 419 unknown statusSet-Cookie: laravel_session=EhFPvHN4zrpKASQTjBvHkbIytClmZ1RoAsUhGOip; expires=Fri, 20-Aug-2021 03:35:51 GMT; Max-Age=604800; path=/; domain=domain.dev; httponly; samesite=laxContent-Type: application/jsonKeep-Alive: timeout=5, max=100Date: Fri, 13 Aug 2021 03:35:50 GMTContent-Length: 41Cache-Control: no-cache, privateConnection: Keep-AliveServer: Apache/2.4.38 (Debian)X-Powered-By: PHP/7.3.29​Request DataMIME Type: application/x-www-form-urlencoded; charset=UTF-8_token: UBLZCBfBJwMOdieJZzEl09k2OBgwkBnG7pZchjW7---rest of form post data ---​

Answer

As you already guessed, it’s a Safari bug.

https://laracasts.com/discuss/channels/laravel/session-expired-error-419-on-safari-1212-after-updating-to-laravel-7

Related to the same_site setting on the sessions.php

As far as I could find, the only solution is to relax the settings.

Advertisement

Answer