A friend and I have built a Laravel/Livewire site to help all of us who are quarantined find live streams to watch (for education, entertainment, etc.). We are in a quiet beta but you can access it at
The home page is a Livewire component that searches our database for streams and it works great - thanks Caleb and others who have helped me with issues getting this far. We have a friend who runs a local newspaper where he is trying to wrap our site in an iFrame on his site, so people from there can access our streams. You can see this at:
https://www.montereycountyweekly.com/events/
The problem is that if you try to search from the search bar, you will immediately get a 419 error, which is Laravel’s way of saying the CSRF token is bad or expired. I have tried adding the above domain to the $except
property of the VerifyCsrfToken
middleware, but that doesn’t seem to have any effect - they all immediately return a 419 error.
If you look in dev tools at the Livewire requests, the ones directly from our site have an XSRF-TOKEN
cookie set and the ones from the iFrame site do not. Is this something I can do in javascript? Is there some other solution?
Thank you for your help!! (And feedback on our site welcome! )