WWW+WWWForm 500 Internal Server Error

I am trying to send data to a webserver via WWWForm but I get this error. Looking into apache logs, I can see unity accessing the requested page but there is no error in logs. The server side code is ok, I’ve tested it with a GET from unity and is doing what is suppose to do. But when I switch to sending data with wwwform via POST I get “500 Internal Server Error” no matter what i do.

Using GET like this WWW www = new WWW(url + “?field1=”+value1+“&field2=value”+“&field3=”+value3); works as intended without any error.

Here is a test I’ve done outside of my game:

using UnityEngine;
using System.Collections;

public class senddata : MonoBehaviour
{
	private bool once = false;
	WWW www = null;

    void OnGUI()
    {
        if (GUI.Button(new Rect(Screen.width / 2 - 100, Screen.height / 2 - 20, 200, 40), "Send"))
		{	
			StartCoroutine("Send");
        }


    }

	IEnumerator Send()
	{
		WWWForm form = new WWWForm();
		form.AddField("f1", "value 1", System.Text.Encoding.UTF8);
		form.AddField("f2", "value 2", System.Text.Encoding.UTF8);
		form.AddField("f3", "value 3", System.Text.Encoding.UTF8);
		www = new WWW("obscured", form);

		yield return www;

		if(!string.IsNullOrEmpty(www.text) && !once)
		{
			Debug.Log(www.text);
			once = true;
		}
	}
}

Spent some time on this same issue, framework was Laravel 5.0.
Laravel uses csrf tokens to prevent cross-site request forgeries, you can disable that by editing app/Http/Kernel.php, commenting out this line:

'App\Http\Middleware\VerifyCsrfToken',

Hope this helps someone.

I will answer myself to this since I found the problem.
I use Codeigniter framework on the server side and this had the Cross Site Request Forgery and Global XSS Filtering on. Disabling them removed my problem.

If I understand correctly: both these solutions deactivate a security check on the frameworks.

I’m using Laravel and I wanted to keep the security active except for a few routes requested by my Unity game.

It would seem that Laravel offers this possibility (as described in Excluding URIs From CSRF Protection) but after many tests it didn’t seem to work. Looking at the code, I’m not sure the $except var is used by the framework…

I found this solution wich does the trick.

Basically, rewrite the handle() funcion in App\Http\Middleware\VerifyCsrfToken.php so that it takes the $except var into account.
Beware if you copy their code paste, they renamed $except to $except_urls.

public function handle($request, Closure $next) {

        $regex = '#' . implode('|', $this->except_urls) . '#';
        if ($this->isReading($request) || $this->tokensMatch($request) || preg_match($regex, $request->path()))
        {
            return $this->addCookieToResponse($request, $next($request));
        }

        throw new TokenMismatchException;
    }