VerifyCsrfToken 中的 TokenMismatchException - Laravel 5.1

【问题标题】:TokenMismatchException in VerifyCsrfToken - Laravel 5.1VerifyCsrfToken 中的 TokenMismatchException - Laravel 5.1
【发布时间】:2015-11-14 02:30:48
【问题描述】:

我正在使用 Laravel 5.1 构建 REST API,但出现此错误:

TokenMismatchException in VerifyCsrfToken.php line 53:

这是我的 routes.php:

Route::controller('city' , 'CityController' );

城市控制器:

class CityController extends Controller
{  
   public function postLocalities()
  {
    $city = Input::get('cityName');
    $response = $city;
    return $response;
   }
}

这是我点击 URL 时错误的 Stacktrace http://localhost:8000/city/localities?cityName=bangalore 使用 POST 方法。

TokenMismatchException in VerifyCsrfToken.php line 53:

in VerifyCsrfToken.php line 53
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in     
ShareErrorsFromSession.php line 54
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'),     
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in     
StartSession.php line 62
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'),   
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in   
AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'),    
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in     EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'),     
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in     
CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'),   
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Kernel.php line 122
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 87
at Kernel->handle(object(Request)) in index.php line 54
at require_once('C:\Users\betaworks02\Documents\gharbhezoBackend\public\index.php') in server.php line 21

【问题讨论】:

标签: php laravel laravel-5 laravel-routing laravel-5.1


【解决方案1】:

我遇到了同样的错误,但有关于覆盖 CSRF 验证的所有警告,我不想更改这些设置。

我最终发现 /config/session.php 中的会话驱动程序默认为 memcached,并且由于我在开发服务器上,我需要使用“文件”覆盖 SESSION_DRIVER 环境变量以使用 /storage/ 中的会话框架/会话。

/.env

SESSION_DRIVER = file

【讨论】:

    【解决方案2】:

    您不需要从您的应用中完全覆盖 CFSR 令牌。在您的 App/Http/Midlleware 文件夹中,转到 VerifyCsrfToken.php 并将您的 API 路由包含到异常中,如下所示:

    /**
 * The URIs that should be excluded from CSRF verification.
 *
 * @var array
 */
protected $except = [
    'api/*',
];

    * 表示您 API 中的所有路由。

    【讨论】:

    • 这个答案原来更安全。
    • 最好和最简单的方法
    【解决方案3】:

    如果您正在构建 API,最好将 CRSF 中间件放置在每个路由的基础上,而不是将其放置为全局中间件。要将其作为路由中间件,请转到“/app/Http/Kernel.php”文件。 

    /**
 * The application's global HTTP middleware stack.
 *
 * @var array
 */
protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    //comment out to avoid CSRF Token mismatch error
    // 'App\Http\Middleware\VerifyCsrfToken',
];

/**
 * The application's route middleware.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => 'App\Http\Middleware\Authenticate',
    'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
    'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
    'cors' => 'App\Http\Middleware\CorsMiddleware',
    'api' => 'App\Http\Middleware\ApiMiddleware',
    'csrf' => 'App\Http\Middleware\VerifyCsrfToken'// add it as a middleware route

    现在你可以把它放在你需要它的路线上,例如

    Route::get('someRoute', array('uses' => 'HomeController@getSomeRoute', 'middleware' => 'csrf'));

    对于您不需要 CSRF 令牌匹配的情况,它现在应该可以正常工作了。

    【讨论】:

    • 终极!现在工作超级好。我搜索了很多正确的解决方案,但每个人都解决了与 html 表单相关的问题。你给了我正确的答案。非常感谢:)
    • 如何在 Laravel5.2 中实现?
    猜你喜欢
    • 2017-01-20
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-03-10
    • 2015-09-05
    • 2016-06-29
    • 2016-03-03
    • 2016-06-16
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode