How to pass laravel CSRF token value to vue
Stefan Izdrail
Founder & Senior Architect · 2026-06-29
Title: A Comprehensive Guide on Passing Laravel CSRF Token Value to Vue
Introduction: In a world where security is increasingly important, Laravel makes use of the Cross-Site Request Forgery (CSRF) token to prevent malicious attacks from manipulating your application. It generates a unique token for each user session and needs to be sent with every request made by that user. When working with Vue.js, this might seem tricky since Vue doesn't have built-in support for handling CSRF tokens directly. This blog post will guide you through different methods of passing Laravel CSRF token values to your Vue application.
Method 1: Using a hidden input field within the form
This is probably the easiest and most straightforward method. You can add a hidden input field inside the form that holds the value of the CSRF token, which will be submitted along with the request data. Here's how you could implement this in your Vue code:
//when we actually submit the form, we want to catch the action
new Vue({
el : '#timeline',
data : {
post : '',
token : $('input[name="_token"]').val(), //Get token value from hidden field
},
methods : {
postStatus : function (e) {
e.preventDefault();
console.log('Posted: '+this.post+ '. Token: '+this.token);
$.ajax({
url : '/posts',
type : 'post',
dataType : 'json',
data : {
'body' : this.post,
'_token': this.token,
}
});
}
},
});
Method 2: Using Vuex to store the token
This method is particularly useful when you are working with more complex applications that have multiple components and require centralized data management. You can use Vuex's state-management pattern to store the CSRF token, making it globally accessible across your application:
const app = new Vue({
el : '#timeline',
store, //Create a Vuex store instance
data : {
post : '',
},
methods : {
getToken() {
return $('input[name="_token"]').val();
},
postStatus : function (e) {
e.preventDefault();
console.log('Posted: '+this.post+ '. Token: '+this.store.state.csrfToken);
$.ajax({
url : '/posts',
type : 'post',
dataType : 'json',
data : {
'body' : this.post,
'_token': this.store.state.csrfToken,
}
});
}
},
});
Method 3: Using a computed property in your Vue instance
This method is similar to method 2 but requires less coding and ensures that the token value is always up-to-date. You can create a computed property within your Vue instance, which will automatically update when the hidden input field's value changes:
new Vue({
el : '#timeline',
data : {
post : '',
},
methods : {
getToken() {
return $('input[name="_token"]').val();
},
postStatus : function (e) {
e.preventDefault();
console.log('Posted: '+this.post+ '. Token: '+this._csrf);
$.ajax({
url : '/posts',
type : 'post',
dataType : 'json',
data : {
'body' : this.post,
'_token': this._csrf,
}
});
},
},
computed: {
_csrf() {
return $('input[name="_token"]').val();
},
}
});
Conclusion: There are several ways to pass the Laravel CSRF token value to your Vue application. Each method has its advantages and disadvantages, and it's up to you to choose the one that best suits your project requirements. Always remember to keep your code clean, organized, and secure by following best practices for handling sensitive data like tokens.