When I realized this was only happening in IE and Chrome, but not Firefox, it led me to the fix. The app was using AddThis share buttons and the javascript was adding an iframe to the pages. This issue is resolved by adding a P3P header to the VerifyCsrfToken Middleware. Hope this saves somebody the hours I lost.
public function handle($request, Closure $next)
{
$response = $next($request);
if (last(explode('\',get_class($response))) != 'RedirectResponse') {
$response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
}
return $response;
}
http://stackoverflow.com/questions/30490821/laravel-5-tokenmismatchexception-on-php-5-6-9