How to pass laravel CSRF token value to vue

Stefan Izdrail

Founder & Senior Architect · 2026-06-29

Laravel Company
Title: A Comprehensive Guide on Passing Laravel CSRF Token Value to Vue Introduction: In a world where security is increasingly important, Laravel makes use of the Cross-Site Request Forgery (CSRF) token to prevent malicious attacks from manipulating your application. It generates a unique token for each user session and needs to be sent with every request made by that user. When working with Vue.js, this might seem tricky since Vue doesn't have built-in support for handling CSRF tokens directly. This blog post will guide you through different methods of passing Laravel CSRF token values to your Vue application. Method 1: Using a hidden input field within the form This is probably the easiest and most straightforward method. You can add a hidden input field inside the form that holds the value of the CSRF token, which will be submitted along with the request data. Here's how you could implement this in your Vue code:
//when we actually submit the form, we want to catch the action
    new Vue({
        el      : '#timeline',
        data    :   {
            post    : '',
            token   : $('input[name="_token"]').val(), //Get token value from hidden field
        },
        methods : {
            postStatus : function (e) {
                e.preventDefault();
                console.log('Posted: '+this.post+ '. Token: '+this.token);
                $.ajax({
                    url         :   '/posts',
                    type        :   'post',
                    dataType    :   'json',
                    data        :   {
                        'body'  :   this.post,
                        '_token':   this.token,
                    }
                });
            }
        },
    });
Method 2: Using Vuex to store the token This method is particularly useful when you are working with more complex applications that have multiple components and require centralized data management. You can use Vuex's state-management pattern to store the CSRF token, making it globally accessible across your application:
const app = new Vue({
    el      : '#timeline',
    store, //Create a Vuex store instance
    data    :   {
        post    : '',
    },
    methods : {
        getToken() {
            return $('input[name="_token"]').val();
        },
        postStatus : function (e) {
            e.preventDefault();
            console.log('Posted: '+this.post+ '. Token: '+this.store.state.csrfToken);
            $.ajax({
                url         :   '/posts',
                type        :   'post',
                dataType    :   'json',
                data        :   {
                    'body'  :   this.post,
                    '_token':   this.store.state.csrfToken,
                }
            });
        }
    },
});
Method 3: Using a computed property in your Vue instance This method is similar to method 2 but requires less coding and ensures that the token value is always up-to-date. You can create a computed property within your Vue instance, which will automatically update when the hidden input field's value changes:
new Vue({
    el      : '#timeline',
    data    :   {
        post    : '',
    },
    methods : {
        getToken() {
            return $('input[name="_token"]').val();
        },
        postStatus : function (e) {
            e.preventDefault();
            console.log('Posted: '+this.post+ '. Token: '+this._csrf);
            $.ajax({
                url         :   '/posts',
                type        :   'post',
                dataType    :   'json',
                data        :   {
                    'body'  :   this.post,
                    '_token':   this._csrf,
                }
            });
        },
    },
    computed: {
        _csrf() {
            return $('input[name="_token"]').val();
        },
    }
});
Conclusion: There are several ways to pass the Laravel CSRF token value to your Vue application. Each method has its advantages and disadvantages, and it's up to you to choose the one that best suits your project requirements. Always remember to keep your code clean, organized, and secure by following best practices for handling sensitive data like tokens.