CSRF token mismatch error

[guigralho]

• L5-Swagger Version: 8.5.0
• PHP Version (php -v): 8.2.6
• OS: ubuntu 22

When I make requests via the swagger documentation, the X-CSRF-TOKEN on header is null all the times and I get the SRF token mismatch error

[lpovkhan]

Looks like documentation routes need middleware "web" php artisan vendor:publish --provider "L5Swagger\L5SwaggerServiceProvider" and in config/l5-swagger.php: defaults-> middleware[ 'api' => ['web'], 'asset' => [], 'docs' => [], 'oauth2_callback' => [], ]

[OsamaAlmamri]

in kernel file section api commit this middleare \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,

    'api' => [
     // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

[quanghuybest2k2]

Fixed this issue by updating file app/Http/Middleware/VerifyCsrfToken.php

Add /api/* item to $except array:

protected $except = [
  "/api/*"
];

[vibonacci]

@quanghuybest2k2 You're disabling the CRSF checks for all API routes. That is NOT recommended. CSRF tokens are important if API calls are made from browser/web.

[JacksonPorter7478]

• L5-Swagger Version: 8.5.0 -PHP Version (php -v): 8.2.12 -OS: windows -laravel/framework: 9.52.16

I have same errors. I try to fix that error according to your tips but I can't fix that error and I have same so.

[marcelodmdo]

Looks like documentation routes need middleware "web" php artisan vendor:publish --provider "L5Swagger\L5SwaggerServiceProvider" and in config/l5-swagger.php: defaults-> middleware[ 'api' => ['web'], 'asset' => [], 'docs' => [], 'oauth2_callback' => [], ]

This works like charm. Looks the right and safe way. That's right?