Framework: VerifyCsrfToken doesn't play well with Responsables
- Laravel Version: 5.8.34
- PHP Version: 7.3
- Database Driver & Version: MySQL 5.7.X
Description:
I'm seeing users getting this error:
Undefined property: Inertia\Response::$headers {"exception":"[object] (ErrorException(code: 0): Undefined property: Inertia\Response::$headers at …/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:180)
The Inertia\Response class implements the Responsable interface.
When VerifyCsrfToken tries to add cookies to a Responsable object, it triggers an error. The problem is that if the Responsable hasn't been transformed to a response yet, the $headers property might not exist.
We (temporarily) solved this by overwriting the method in our own VerifyCsrfToken middleware.
use Inertia\Response;
//
protected function addCookieToResponse($request, $response)
{
if ($response instanceof Response) {
$response = $response->toResponse($request);
}
return parent::addCookieToResponse($request, $response);
}
Shouldn't Laravel unwrap the Responsable before adding the cookie?
Steps To Reproduce:
I don't have any exact reproduction steps... It depends on the code path, it doesn't always fail, but I've yet to find the root cause.
sebastiandedeyne
All 3 comments
Hmm, I think you're right and that this is indeed a bug. Can you send in a PR?
driesvints
on 3 Sep 2019
Send it to the 6.x branch.
driesvints
on 3 Sep 2019
Can do! I'll make some time early next week.
sebastiandedeyne
on 6 Sep 2019
Related issues
YannPl
·
3Comments
gabriellimo
·
3Comments
jackmu95
·
3Comments
CupOfTea696
·
3Comments
felixsanz
·
3Comments
Most helpful comment
Can do! I'll make some time early next week.