My AJAX post contains the correct token header but I still get a TokenMismatchException

I have an Angular.js and Laravel web application. All my AJAX posts and GET requests to the Laravel app/server result in a TokenMismatchException even though my requests do contain the headers X-CSRF-TOKEN and _token with the correct values.

What the heck could be going wrong here? I’m quite confused about what the issue is. I’ll explain relevant information below and hopefully you can provide some insight.


Route::group(array('middleware' => 'auth'), function () {

    Route::group(array('middleware' => 'admin', 'prefix' => 'admin'), function () {

        Route::get('foo', array(
            'as' => 'foo-bar',
            'uses' => '[email protected]'  // myFoo does nothing but return some json dummy text
        ));
    });
});


class AdminMiddleware {
    protected $auth;

    public function __construct(Guard $auth) {
        $this->auth = $auth;
    }

    public function handle($request, Closure $next) {
        if (!$this->auth->user()->is_Admin) {
            return Redirect::route('home');
        }
        return $next($request);
    }
}


class VerifyCsrfToken extends BaseVerifier {

    public function handle($request, Closure $next) {
        // Below I confirm that the request headers do
        // contain X-CSRF-TOKEN and _token and have the correct values
        Log::info(print_r($request, true));

        return parent::handle($request, $next);
    }
}



adminSector.controller('MyCtrl', ['$scope', '$http', function ($scope, $http) {

    // I have confirmed that the meta tag below is in the HTML head element and contains the correct token
    $http.defaults.headers.common['X-CSRF-TOKEN'] = $('meta[name="csrf-token"]').attr('content');
    $http.defaults.headers.common['_token'] = $('meta[name="csrf-token"]').attr('content');

    // Function called when I click a button
    $ = function () {
        $http.get('/admin/foo').success(function (data) {
            console.log('data', data);
        });
    };
}]);


So the above post call fails with the error: TokenMismatchException in VerifyCsrfToken.php line 67. But if I log in as an admin and just go directly to it succeeds and shows the JSON response. What the heck is going wrong?