Laravel-VerifyCsrfToken 排除不工作

Question

我在从验证 CSRF 令牌中排除路由时遇到问题。

我正在尝试排除我称为 mydomain.com/example 的端点上的所有请求，所以我在 VerifyCsrfToken.php 文件中这样做。

class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'example/*',
    ];
}

但这并不能解决问题。如果我在 app/Http/Kernel.php 文件中执行此操作，则一切正常。

有人知道为什么我不能排除特定路线吗？

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            //\App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \Barryvdh\Cors\HandleCors::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

Answer 1

您通过使用通配符排除了每条路由AFTER“/example”，并且中间件没有在内核中注册，因此甚至没有运行

protected $except = [
    '/example'
];

别忘了取消注释中间件

'web' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
    // \Illuminate\Session\Middleware\AuthenticateSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \App\Http\Middleware\VerifyCsrfToken::class, // <--- HERE
    \Illuminate\Routing\Middleware\SubstituteBindings::class,
    \Barryvdh\Cors\HandleCors::class,
],

Answer 2

使用

protected $except = [
    '/example/*',
];

不要忘记开头的斜线/。