Laravel csrf_field() - 仅适用于 method="POST" 的表单?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/42702810/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel csrf_field() - only for forms with method="POST"?
提问by PeraMika
I know nothing about CSRF attacks, but I know that in Laravel we are supposed to include a hidden CSRF token field in the form:
我对 CSRF 攻击一无所知,但我知道在 Laravel 中我们应该在表单中包含一个隐藏的 CSRF 令牌字段:
<form method="POST" action="/profile">
{{ csrf_field() }}
...
</form>
Should we use include it in the forms with method="GET"?
我们应该将它包含在带有 method="GET" 的表单中吗?
<form method="GET" action="/search">
{{ csrf_field() }}
...
</form>
For example, I have a search input (form) with the method="GET" - so everything will be visible in the URL, including CSRF token... and that's not problem for me at all, but I'm just unsure does it make sense to have it in the "GET" forms?
例如,我有一个带有 method="GET" 的搜索输入(表单) - 所以一切都将在 URL 中可见,包括 CSRF 令牌......这对我来说根本不是问题,但我只是不确定把它放在“GET”表格中有意义吗?
回答by Qazi
Well, you don't need to add CSRF token with Form Get Request. Cross-site request forgeries(CSRF) are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.
好吧,您不需要使用 Form Get Request 添加 CSRF 令牌。跨站点请求伪造 (CSRF) 是一种恶意利用,其中代表经过身份验证的用户执行未经授权的命令。
You can basic details over Here
您可以在此处了解基本信息
