Thursday, 19 March 2026

Missing Required Parameter for [Route: password.reset] [URI: password/reset/{token}] [Missing parameter: token]

If you are using Laravel authentication and get the error:

"Missing required parameter for [Route: password.reset] [URI: password/reset/{token}] "[Missing parameter: token]”

Don't worry; you're not the only one. This is a problem that many developers run into when they try to add password reset features to Laravel. In this long, SEO-friendly guide, we'll talk about why this error happens, how Laravel handles password resets, and the exact steps you need to take to fix it.

What does this mistake mean?

This error means that Laravel expected a required parameter called but it wasn't given when the route was created or accessed:

password/reset/{token}

In Laravel, the ability to reset a password depends a lot on a unique token that is sent to the user's email. This token makes sure that only the person who is supposed to can change their password.

This error happens when Laravel can't continue because the token is missing.

Why This Problem Happens

There are a number of reasons why this problem might show up in your Laravel app:

1. Token Not Found in Route Generation

You need to pass the token when making a URL to reset your password:

route('password.reset', ['token' => $token])

Laravel will give you an error if you forget to add the token.

2. Using the wrong blade template

If your reset link looks like this when you use Blade templates:

<a href="{{ route('password.reset') }}">Reset Password</a>

This is wrong because the token isn't passed. You need:

<a href="{{ route('password.reset', $token) }}">Reset Password</a>

3. Email Notification Issue

Notifications are used by Laravel to send emails to reset passwords. The reset link will not work if the token is not passed correctly in the email template.

Example of correct usage:

$url = route('password.reset', [
    'token' => $this->token,
    'email' => $notifiable->getEmailForPasswordReset(),
]);

4. Custom Authentication Implementation Errors

You might forget the token parameter if you have customized Laravel authentication, like by using custom guards or APIs.

5. Wrongly set up routes

Make sure you have the right route:

Route::get('password/reset/{token}', [ResetPasswordController::class, 'showResetForm'])
    ->name('password.reset');

If it{token} is needed but not passed, the error will happen.

How to Reset Your Laravel Password

To better understand the problem, let's quickly go over how Laravel handles password resets:

  1. The user sends an email to change their password.

  2. Laravel makes a token that is different for each request.

  3. The database (table) keeps the token.

  4. Email with a link to reset:

    /password/reset/{token}?email=user@example.com
    
  5. The user clicks on the link.

  6. Laravel checks the token and lets you reset your password.

The whole process stops if step 4 doesn't include the token.

Fix It Step by Step

To fix the error, do the following:

Step 1: Look at the Route Definition

Be sure to include{token}:

Route::get('password/reset/{token}', function ($token) {
    return view('auth.reset-password', ['token' => $token]);
})->name('password.reset');

Step 2: Pass Token in Route Helper

When you make the reset URL, always add the token:

route('password.reset', ['token' => $token])

Step 3: Fix the Blade Templates

Update your Blade files:

<a href="{{ route('password.reset', ['token' => $token]) }}">
    Reset Password
</a>

Step 4: Verify Email Notification

If you use Laravel's built-in notification, make sure it has the token:

public function toMail($notifiable)
{
    return (new MailMessage)
        ->line('You are receiving this email because...')
        ->action('Reset Password', url(route('password.reset', [
            'token' => $this->token,
            'email' => $notifiable->email,
        ], false)));
}

Step 5: Look over the controller logic

Make sure your controller is getting the token:

public function showResetForm(Request $request, $token = null)
{
    return view('auth.reset-password')->with(
        ['token' => $token, 'email' => $request->email]
    );
}

Step 6: Debug Missing Token

If you're still having problems:

  • Use itdd($token)⁣ to see if it is there.to see if it is there.

  • Check out the URL that is being made.

  • Look closely at the links in your email.

Things You Shouldn't Do

Here are some things that developers often do wrong:

  • Not remembering to pass in route().

  • Hardcoding reset URLs that don't have any parameters.

  • Incorrectly overriding the default Laravel authentication.

  • Not sending the parameter with the token.

  • Using the wrong names for routes.

Best Ways to Do Things

To avoid this error in the future:

Always Use Named Routes

route('password.reset', ['token' => $token])

 Validate Token Before Use

Ensure the token exists before rendering:

if (!$token) {
    abort(404);
}

Use Laravel Built-in auth system.

Laravel’s default authentication handles everything correctly. Avoid unnecessary customization unless required.

Keep Email Templates Updated

Always check the reset link if you change email templates.

In conclusion

Once you know what causes the "Missing required parameter: token" error in Laravel, it's easy to fix. That just means that Laravel was expecting a token but didn't get one.

By making sure that:

  • Your routes are set up correctly.

  • When making URLs, the token is always passed.

  • Your Blade templates and email alerts are set up correctly.

You can easily fix this problem and get your password reset feature back.

This guide will not only help you fix the problem, but it will also help you learn more about how Laravel's authentication system works.

If you're still having trouble, you can debug it step by step or share your code for more help.

Wednesday, 18 March 2026

Laravel Symfony Mailer: Unable to Connect with STARTTLS Due to Peer Certificate Hostname Mismatch (HIN.CH SMTP)

Email is an important part of modern web apps, and Laravel makes it easy by including the powerful Symfony Mailer. However, developers sometimes have trouble setting up SMTP services. One of these common mistakes is

"Can't connect to STARTTLS because the peer certificate hostname doesn't match."

When using secure SMTP providers like HIN.CH, this problem often happens. In this article, we'll explain what caused this error and show you how to fix it in Laravel step by step.

What does this mistake mean?

When your Laravel app tries to make a secure connection with STARTTLS but the SSL certificate from the mail server doesn't match the hostname you're connecting to, this error happens.

To put it simply:

Your app connects to an SMTP server, like mail.hin.ch.

The server shows an SSL certificate.

Laravel checks to see if the certificate hostname and the SMTP host are the same.

For security reasons, the connection is denied if it doesn't match.

This is a built-in safety feature that stops man-in-the-middle attacks.

Why does HIN.CH SMTP do this?

HINCH is a safe email service that is mostly used in healthcare settings. It has strict SSL/TLS security rules. Most of the time, the mismatch happens because of:

Your Laravel .env file has the wrong SMTP hostname.

Using an IP address instead of a domain name.

The certificate is set up for a different subdomain.

Problems with the local DNS or the server settings not being set up correctly.

Typical Signs

You might notice the following when this problem happens:

No emails are going out.

Laravel logs show errors with STARTTLS or SSL.

Problems with Symfony Mailer connections.

Errors with handshakes or timeouts.

Step-by-Step Fix

1. Verify SMTP Hostname

The first and most important thing to do is make sure that your SMTP host and certificate match.

In your .env file:

MAIL_MAILER=smtp
MAIL_HOST=mail.hin.ch
MAIL_PORT=
MAIL_USERNAME=your_username
MAIL_PASSWORD=your_password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=your@email.com
MAIL_FROM_NAME="${APP_NAME}"

Make sure:

You are using the right hostname that HIN.CH gave you.

Don't use an IP address.

Don't use aliases unless the provider says it's okay.

2. Manually check the SSL certificate

You can check the certificate with OpenSSL:

connect mail.hin.ch:587 -starttls smtp with openssl s_client

Check for:

subject= field (should be the same as hostname)

issuer=

Warnings about any mismatches

Laravel will not let you connect if the certificate hostname does not match MAIL_HOST.

3. Change the settings for Laravel Mail

Symfony Mailer is what Laravel uses behind the scenes. In config/mail.php, you can change the settings.

If you need to, set up custom stream options:

'mailers' => [

    'smtp' => [

        'transport' => 'smtp',

        'host' => env('MAIL_HOST'),

        'port' => env('MAIL_PORT'),

        'encryption' => env('MAIL_ENCRYPTION'),

        'username' => env('MAIL_USERNAME'),

        'password' => env('MAIL_PASSWORD'),

        'timeout' => null,

        'stream' => [

            'ssl' => [

                'verify_peer' => true,

                'verify_peer_name' => true,

                'allow_self_signed' => false,

            ],

        ],

    ],

],

This makes sure that strict verification is done, which is what is needed in production environments.

4. Temporary Workaround (Not Recommended for Production)

You can turn off hostname verification for a short time if you are debugging or testing on your own computer:

"stream" => [

    'ssl' => [

        'verify_peer' => false,

        'verify_peer_name' => false,

        'allow_self_signed' =>

    ],

],

Warning:

This lowers security and should never be used in production.

5. Use Correct Port and Encryption

HIN.CH SMTP typically supports:

Port 587 → TLS (STARTTLS)

Port 465 → SSL

Ensure your configuration matches:

MAIL_PORT=

MAIL_ENCRYPTION=tls

If you switch to SSL:

MAIL_PORT=

MAIL_ENCRYPTION=ssl

Mismatch between port and encryption can also trigger errors.

6. Clear Laravel Cache

Always clear the cache after changing the settings:

php artisan config:clear
php artisan cache:clear
php artisan config:cache

Changes may not take effect right away because Laravel caches configuration.

7. Look into problems in your area

Sometimes the problem isn't with Laravel; it's with your computer:

CA certificates that are no longer valid.

The system time is wrong.

Firewall is blocking SMTP ports.

Antivirus is messing with SSL.

Refresh the certificates on your system:

update-ca-certificates with sudo


8. Contact SMTP Provider

If everything looks good, get in touch with HIN.CH support to confirm:

The right SMTP hostname. 

Ports and encryption are needed. 

Details about the certificate. 

They might give you a specific hostname that matches the SSL certificate. 

Best Practices to Avoid This Issue

To avoid making this mistake in future projects:
Use domain names instead of IP addresses all the time. 
Make sure your system's CA certificates are up to date. 
Make sure the SMTP host matches the SSL certificate exactly. 
Do not turn off SSL verification in production. 
Before you deploy, check the SMTP connection. 

Final Thoughts

The Laravel error "Unable to connect with STARTTLS due to peer certificate hostname mismatch" is mostly a problem with security validation. It may seem hard at first, but the main reason is usually that the SMTP hostname and SSL certificate don't match.

You can quickly fix this problem and get your Laravel app's email working again by carefully checking your SMTP settings, making sure your SSL is set up correctly, and not using insecure workarounds. 

When working with sensitive services like HIN.CH, it's very important to use secure email. Always put proper configuration ahead of shortcuts to keep both functionality and security. 

Tuesday, 17 March 2026

How to Fix Laravel 12 CORS Error: No ‘Access-Control-Allow-Origin’ Header is Present

Introduction

If you're using Laravel 12 to build APIs for a frontend app like React, Vue, or Angular, you might run into a common problem:

"There is no 'Access-Control-Allow-Origin' header on the resource you asked for."

This is a Cross-Origin Resource Sharing (CORS) error. It usually happens when your front end and back end are on different ports or domains. Laravel 12 says it has built-in CORS support, but many developers still have problems because they haven't set it up correctly or have missed steps.

This guide will show you how to fix and debug CORS problems in Laravel 12 the right way.

Thursday, 5 March 2026

Laravel DomPDF Package – Generate PDF in Laravel

Understanding the Package

One of the most popular tools that developers use to make PDF files directly from HTML views is the Laravel DomPDF package. It lets you turn your Laravel Blade templates into PDF files that people can download or view with very little work. Laravel already uses Blade templating, so it's easy to make PDFs with HTML.

In today's web apps, making PDFs is often necessary for things like invoices, reports, receipts, user summaries, and documents that can be downloaded. Developers don't have to make PDFs by hand anymore; they can just design an HTML layout and use DomPDF to turn it into a PDF file. This saves time during development and makes sure the design matches the web interface.

The DomPDF library changes HTML and CSS into PDF files. This means that developers can use CSS to style the PDF and HTML elements like tables, headings, and images to organize the content. The program makes a document that looks professional on its own.

Laravel developers like DomPDF because it works well with Laravel projects. With only a few lines of code, you can make a Blade view, turn it into a PDF, and either stream it to the browser or download it as a file.

Saturday, 16 December 2023

Laravel csrf token mismatch for ajax post request

It usually happens when the tokens don't match in both sessions and are sent and received in requests.
A CSRF token keeps Laravel safe from attacks that try to get it to make requests from other websites.

Common Reasons for CSRF Token Mismatch 

Here are the most common reasons why developers run into this error:

  • The request did not include a token.
  • The session has ended.
  • The cookie domain or path doesn't match.
  • The token is not being sent with the AJAX request.
  • Old pages are stored in the browser's cache.
  • Settings for the session driver are wrong
  • Problems with HTTPS cookies
  • Incorrect setup of middleware
  • Problems with permissions in Laravel storage folders

Missing Required Parameter for [Route: password.reset] [URI: password/reset/{token}] [Missing parameter: token]

If you are using Laravel authentication and get the error: "Missing required parameter for [Route: password.reset] [URI: password/reset...