I have an ajax call on a laravel blade page. This ajax call works fine on Chrome and FF but fails with a 419 every time when using Safari. I have tried all the solutions mentioned in different threads on stack.
My latest iteration of the code looks like the code below. (It is posting after getting a message from an iframe.)
<script type="text/javascript">
window.addEventListener('message', function messageListener(event) {
    var iframeUrl = "{{ Config::get('app.nexio_url')}}";
    var token = "<?php echo session('_token'); ?>";
    if (event.origin === iframeUrl) {
        console.log('------->event.data', event.data);
        console.log('------->', '{{csrf_token()}}');
        if(event.data.event === 'processed'){
            $.ajax({
                type: "POST",
                url: "pay/paynow-nexio",
                data: {'payment_data':event.data.data.id, '_token':'{{csrf_token()}}', 'response':event.data.data},
                cache: false,
                success: function(data){
                    if(data != '') {
                        window.location.href = data;
                    }
                }
            });
        }
    }
});
</script>
I even tried adding
$.ajaxSetup({ headers: { 'X-CSRF-Token' : '{{csrf_token()}}' } });
I am at a loss at what to try next. Thanks for any help at all.
From the dev tools:
Summary
URL: https://domain.dev/pay/paynow-nexio
Status: 419 unknown status
Source: Network
Initiator: jquery-1.9.1.min.js:5:17824

Request
POST /pay/paynow-nexio HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate, br
Host: domain.dev
Origin: https://domain.dev
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15
Referer: https://domain.dev/create-transaction
Content-Length: 5742
Connection: keep-alive
Cookie: laravel_session=EhFPvHN4zrpKASQTjBvHkbIytClmZ1RoAsUhGOip; XSRF-TOKEN=eyJpdiI6IllFakhzK1pkMjVyVE9QYTlDL2tZcVE9PSIsInZhbHVlIjoiQll1SjZpbU9aWVkvTUN4cldLWGI1akpTaFNWYVJpWWR4b1JzNFJvY0pGbWg4dEp3dVU4RTRFTGozcmZtc2k4eiIsIm1hYyI6ImRiNDRmN2QyNWJlNGNmODhjMGE0YTM2OTFhMWMzYzBmZWFjYzkxY2Q0Zjk5OWM2MjY3ODk4ZGNlMWM0YzEwZTUifQ%3D%3D
X-Requested-With: XMLHttpRequest
X-CSRF-Token: UBLZCBfBJwMOdieJZzEl09k2OBgwkBnG7pZchjW7

Response
HTTP/1.1 419 unknown status
Set-Cookie: laravel_session=EhFPvHN4zrpKASQTjBvHkbIytClmZ1RoAsUhGOip; expires=Fri, 20-Aug-2021 03:35:51 GMT; Max-Age=604800; path=/; domain=domain.dev; httponly; samesite=lax
Content-Type: application/json
Keep-Alive: timeout=5, max=100
Date: Fri, 13 Aug 2021 03:35:50 GMT
Content-Length: 41
Cache-Control: no-cache, private
Connection: Keep-Alive
Server: Apache/2.4.38 (Debian)
X-Powered-By: PHP/7.3.29

Request Data
MIME Type: application/x-www-form-urlencoded; charset=UTF-8
_token: UBLZCBfBJwMOdieJZzEl09k2OBgwkBnG7pZchjW7
---rest of form post data ---
Answer
As you already guessed, it’s a Safari bug.
Related to the same_site setting on the sessions.php.
As far as I could find, the only solution is to relax the settings.
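Before and after relaxing same_site, the session cookie's attributes can be read from the Set-Cookie header in dev tools and checked. The following is an added example, not code from the question or the answer; parseSetCookie and auditSessionCookie are hypothetical helper names, and the cookie values are constructed (the first header keeps the attributes shown in the 419 response above).

```javascript
// Added example; parseSetCookie and auditSessionCookie are hypothetical names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function auditSessionCookie(header) {
  const c = parseSetCookie(header);
  const sameSite = String(c.attrs.samesite || 'unset').toLowerCase();
  const secure = c.attrs.secure === true;
  const httpOnly = c.attrs.httponly === true;
  const findings = [];
  if (sameSite === 'none' && !secure) {
    findings.push('SameSite=None without Secure: rejected under the updated SameSite rules');
  }
  if (sameSite === 'lax' || sameSite === 'strict') {
    findings.push(`SameSite=${sameSite}: withheld from cross-site POST/XHR and framed requests`);
  }
  if (sameSite === 'unset') findings.push('no SameSite attribute: browser default applies');
  if (!secure) findings.push('no Secure flag: cookie is also sent over plain HTTP');
  if (!httpOnly) findings.push('no HttpOnly flag: cookie is readable from script');
  return { name: c.name, sameSite, secure, httpOnly, findings };
}

// Attributes as in the question's 419 response; cookie value replaced (constructed).
const fromQuestion = 'laravel_session=constructed-value; expires=Fri, 20-Aug-2021 03:35:51 GMT; ' +
  'Max-Age=604800; path=/; domain=domain.dev; httponly; samesite=lax';
// Constructed: same_site relaxed to none while the Secure flag is still off.
const relaxedNoSecure = 'laravel_session=constructed-value; path=/; httponly; samesite=none';
// Constructed: same_site relaxed to none with Secure set.
const relaxedSecure = 'laravel_session=constructed-value; path=/; secure; httponly; samesite=none';

for (const h of [fromQuestion, relaxedNoSecure, relaxedSecure]) {
  console.log(auditSessionCookie(h));
}
```

In Laravel the Secure flag is controlled by the `secure` option in the same session config file as `same_site`.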