Laravel API TokenMismatchException
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27944512/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel API TokenMismatchException
提问by goldlife
I have an API call with post data; let's say this is the login process.
我有一个带有发布数据的 API 调用;假设这是登录过程。
With the Postman extension of Chrome I send, via POST, the username and password to log the user in. But I got this message:
使用 Chrome 的 Postman 扩展程序,我通过 POST 发送用户名和密码来登录用户。但我收到了这条消息:
Illuminate \ Session \ TokenMismatchException
In my Base Controller I have:
在我的基本控制器中,我有:
/**
* Initializer.
*
* @return void
*/
public function __construct() {
// CSRF Protection
$this->beforeFilter('csrf', array('on' => 'post'));
// Layouts/Notifications
$this->messageBag = new Illuminate\Support\MessageBag;
}
When I delete the row with the beforeFilter everything works fine. But this cannot be a solution. Any POST call would get this error message. I KNOW that I need this _token. But how I get this token when I call from the API? I know that I can create a token inside Laravel, but how can I do this when I call from outside via API?
当我使用 beforeFilter 删除行时,一切正常。但这不能成为解决方案。任何 POST 调用都会收到此错误消息。我知道我需要这个 _token。但是当我从 API 调用时如何获得这个令牌?我知道我可以在 Laravel 内部创建一个令牌,但是当我通过 API 从外部调用时我该怎么做?
回答by rdiz
Generally API's are used for cross site requests. So your CSRF protection is pointless.
通常 API 用于跨站点请求。所以你的 CSRF 保护是没有意义的。
If you're not gonna use it cross-site, chances are that an API is not the optimal solution for what you're trying to do. Anyway, you couldmake an API endpoint which returns a token.
如果您不打算跨站点使用它,那么 API 可能不是您尝试执行的操作的最佳解决方案。无论如何,您可以创建一个返回令牌的 API 端点。
public function getToken(){
return Response::json(['token'=>csrf_token()]);
}
If you want to disable CSRF-protection on some methods, you could use exceptor only.
如果您想在某些方法上禁用 CSRF 保护,您可以使用except或only。
$this->beforeFilter('csrf', array('on' => 'post',
'except'=>array('methodName', 'anotherMethod')
));
Please refer to the official Laravel documentation.
请参考Laravel 官方文档。
回答by Matt Komarnicki
Absolutely don't usethis approach.
绝对不要使用这种方法。
Open VerifyCsrfTokenclass and define $exceptproperty which will contain an array of routes, where CSRF protection won't be applied.
打开VerifyCsrfToken类并定义$except将包含路由数组的属性,其中不会应用 CSRF 保护。
Example below:
下面的例子:
<?php
declare(strict_types=1);
namespace App\Http\Middleware;
use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
protected $except = [
'api/auth/login',
'api/*', // this works as well
];
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return parent::handle($request, $next);
}
}
回答by Sunil
just listen to this. Just before 30 minute i was facing this same problem. Now it solved. just try this.
听听这个。就在 30 分钟之前,我遇到了同样的问题。现在它解决了。试试这个。
Goto App -> HTTP-> Kernel
转到应用程序-> HTTP-> 内核
open the kernel file.
打开内核文件。
there you can see : \App\Http\Middleware\VerifyCsrfToken::class,
在那里你可以看到:\App\Http\Middleware\VerifyCsrfToken::class,
just disable this particular code using //
只需使用 // 禁用此特定代码
Thatz it! This will work!
就是它!这会奏效!
So that you can remove the middleware from the API calling (if you want so..)
这样您就可以从 API 调用中删除中间件(如果您愿意的话……)
