I used Laravel 5.2 as backend API, and AngularJS 2 as front-end framework. Therefore, angular2 would handle all routing. And I followed the official document to make csrf_token in meta tag

<meta name="csrf-token" content="{{ csrf_token() }}">

As angular would handle routing, I set this in app\Exceptions\Handler.php

public function render($request, Exception $e)
    {
        if($e instanceof \Symfony\Component\HttpKernel\Exception\NotFoundHttpException)
        {
            return response()->view('main')->header('Content-Type', 'text/html'); // main.php is my index file in angular2
        }

        return parent::render($request, $e);
    }
}

In this case, when I visit any route that is not in routes.php, Laravel would make the view ( main.php ) and let angular to handle routing.

When I go to my address (my-domain.dev/test) by refreshing the browser address bar, the meta tag csrf-token had null value. And I tried to dd( csrf_token() ) in render function in Handler.php, and it returned null as well.

And I guess, when I first visited my address( by refreshing the browser address bar ), Laravel just throw a NotFoundHttpException and return me to main.php to let angular2 handle routing. In the process, Laravel did not generate a session, therefore the csrf_token() did not generate any token.

So how do I solve this problem?