0

I installed a fresh Laravel App with authentication. I am using laragon. The login, registration, reset password pages are working fine. I created a profile controller for the user to edit profile. However, when submitting the form through Ajax, it gives me a Forbidden - You don't have permission to access / / /profile/edit_profile on this server.. 

         class ProfileController extends Controller
            {
                //

                function index()
                {
                    return view('profile.index');
                }

                function edit_profile(Request $request)
                {
                    $txt_midname = $request->input('txt_midname');
                    $txt_firstname = $request->input('txt_firstname');
                    $txt_lastname = $request->input('txt_lastname');
                    $extname = $request->input('extname');
                    $user = Auth::user();
                    $user->firstname = $txt_firstname;
                    $user->midname = $txt_midname;
                    $user->lastname = $txt_lastname;
                    if ($user->save()) {
                        return 'ok';
                    }
                }

            }

Here is also the route:

Route::post('/profile/edit_profile', 'ProfileController@edit_profile')->name('edit_profile');

and the view:

            $('#btn_update').on('click', function() {
                var btn_text = $('#btn_update').text();
                var txt_firstname = $.trim($('#txt_firstname').val());
                var txt_midname = $.trim($('#txt_midname').val());
                var txt_lastname = $.trim($('#txt_lastname').val());
                var extname = $.trim($('#extname').val());

                $.post(baseUrl + '/profile/edit_profile', {
                    '_token': token,
                    'txt_midname': txt_midname,
                    'txt_firstname': txt_firstname,
                    'txt_lastname': txt_lastname,
                    'extname': extname
                }, function(data) {
                    if (data == 'ok') {
                        window.location.reload();
                    }
                })
            })

enter image description here

Improve this question

2 Answers 2

Reset to default
1

You need to inject the csrf token to your request.

$.post({
  headers: {
    'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
  },
  url: '/admin/gallery/create/ajax',
  data: {}, 
  method: 'POST',
  success: function(response) {
  },
  error: function(error) {
  }
})

or if you want every ajax request inject the csrf token you can do this as well.

$.ajaxSetup({
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
  }
});
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It was my mistake. The problem is with my baseUrl in javascript. It should be var baseUrl = "{{url('')}}";instead of var baseUrl = '{{url('')}}';

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.