update

src/MicroweberPackages/App/Http/Middleware/VerifyCsrfToken.php

@@ -26,6 +26,63 @@ protected function addCookieToResponse($request, $response)
 
         return parent::addCookieToResponse($request, $response);
     }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     *
+     * @throws \Illuminate\Session\TokenMismatchException
+     */
+    public function handle($request, \Closure $next)
+    {
+
+
+        $token = $this->getTokenFromRequest($request);
+        dd($token);
+exit;
+
+        if (
+            $this->isReading($request) ||
+            $this->runningUnitTests() ||
+            $this->inExceptArray($request) ||
+            $this->tokensMatch($request)
+        ) {
+            return tap($next($request), function ($response) use ($request) {
+                if ($this->shouldAddXsrfTokenCookie()) {
+                    $this->addCookieToResponse($request, $response);
+                }
+            });
+        }
+
+
+        throw new TokenMismatchException('CSRF token mismatch.');
+    }
+
+
+
+    /**
+     * Determine if the session and input CSRF tokens match.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return bool
+     */
+    protected function tokensMatch($request)
+    {
+
+        $token = $this->getTokenFromRequest($request);
+
+
+        return is_string($request->session()->token()) &&
+            is_string($token) &&
+            hash_equals($request->session()->token(), $token);
+    }
+
+
+
+
     /**
      * Get the CSRF token from the request.
      *
@@ -45,6 +102,7 @@ protected function getTokenFromRequest($request)
         } else {
             $token = CookieValuePrefix::remove($this->encrypter->decrypt( $request->header('X-CSRF-TOKEN'), static::serialized()));
         }
+
         return $token;
     }
     /**

src/MicroweberPackages/Module/routes/web.php

@@ -9,11 +9,11 @@
 Route::group(['namespace' => '\MicroweberPackages\Module\Http\Controllers'], function () {
 
     Route::post('/plupload', 'ModuleController@plupload')->middleware([
-         \MicroweberPackages\App\Http\Middleware\SameSiteRefererMiddleware::class,
-         \MicroweberPackages\App\Http\Middleware\IsAjaxMiddleware::class,
-         \MicroweberPackages\App\Http\Middleware\VerifyCsrfToken::class
+       // \MicroweberPackages\App\Http\Middleware\VerifyCsrfToken::class,
+        \MicroweberPackages\App\Http\Middleware\SameSiteRefererMiddleware::class,
+        \MicroweberPackages\App\Http\Middleware\IsAjaxMiddleware::class
     ]);
-   // Route::any('plupload/{all}', array('as' => 'plupload', 'uses' => 'ModuleController@plupload'))->where('all', '.*');
+    // Route::any('plupload/{all}', array('as' => 'plupload', 'uses' => 'ModuleController@plupload'))->where('all', '.*');
 
     //Route::any('/module/', 'ModuleController@index');
     //Route::any('module/{all}', array('as' => 'module', 'uses' => 'ModuleController@index'))->where('all', '.*');

src/MicroweberPackages/Template/Adapters/RenderHelpers/CsrfTokenRequestInlineJsScriptGenerator.js

@@ -14,19 +14,10 @@ $(document).ready(function () {
 
 
 
-    if (tokenFromCookie === null) {
-        var csrf_from_local_storage_data = mw.cookie.get("csrf-token-data");
-        if (csrf_from_local_storage_data) {
-            csrf_from_local_storage_data = JSON.parse(csrf_from_local_storage_data);
-
-            if (csrf_from_local_storage_data && csrf_from_local_storage_data.value && (new Date()).getTime() < csrf_from_local_storage_data.expiry) {
-                _csrf_from_local_storage = csrf_from_local_storage_data.value
-            }
-        }
-    } else {
+    if (tokenFromCookie) {
         _csrf_from_local_storage = tokenFromCookie;
-    }
 
+    }
 
     if (_csrf_from_local_storage) {
         $('meta[name="csrf-token"]').attr('content', _csrf_from_local_storage);
@@ -40,11 +31,8 @@ $(document).ready(function () {
 
         setTimeout(function () {
             $.post(route('csrf'), function (data) {
-                $.ajaxSetup({
-                    headers: {
-                        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
-                    }
-                });
+                $('meta[name="csrf-token"]').attr('content', data.token);
+
             });
         }, 1337);
     }

userfiles/modules/microweber/api/uploader.js

@@ -360,6 +360,7 @@
                 }
             }
 
+
             var xhrOptions = {
                 url: this.getUrl(),
                 type: 'post',
@@ -390,6 +391,9 @@
                 dataType: 'json',
                 xhr: function () {
                     var xhr = new XMLHttpRequest();
+
+
+
                     xhr.upload.addEventListener('progress', function (event) {
                         if (event.lengthComputable) {
                             var percent = (event.loaded / event.total) * 100;
@@ -399,9 +403,34 @@
                             $(scope).trigger('progressNative', [percent, event]);
                         }
                     });
+
+
+
                     return xhr;
                 }
             };
+            var theToken = null;
+            var tokenFromCookie = mw.cookie.get("XSRF-TOKEN");
+            if(typeof tokenFromCookie !== 'undefined') {
+                theToken = tokenFromCookie;
+            }
+            if(typeof tokenFromCookie === 'undefined') {
+                //
+               var token=mw.top().$('meta[name="csrf-token"]').attr('content');
+               if(token){
+                     theToken = token;
+               }
+
+                //xhrOptions.xhr.setRequestHeader('X-CSRF-TOKEN',token );
+                //   alert(mw.top().$('meta[name="csrf-token"]').attr('content'))
+            }
+            if (theToken) {
+                $.ajaxSetup({
+                    headers: {
+                        'X-CSRF-TOKEN': theToken
+                    }
+                });
+            }
 
             return mw.jqxhr(xhrOptions);
         };