Laravel 419 错误 - VerifyCsrfToken 问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/52764590/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel 419 Error - VerifyCsrfToken issue
提问by Chad
I have multiple Laravel sites hosted on the same server. With the latest site I've created, the contact form refuses to submit without throwing a 419 error. I have set up the routing in my web.php file just like the other websites, which have live, working contact forms, and I'm generating and sending the token exactly the same way - with {{ csrf_field() }}.
我在同一台服务器上托管了多个 Laravel 站点。使用我创建的最新站点,联系表单拒绝提交而不会引发 419 错误。我已经在我的 web.php 文件中设置了路由,就像其他网站一样,这些网站具有实时、有效的联系表单,并且我生成和发送令牌的方式完全相同 - 使用{{ csrf_field() }}.
I found an answer to a similar question stating that you can disable Csrf checking by adding entries to the $exceptarray in app/Http/Middleware/VerifyCsrfToken.php. I have verified that this does indeed resolve the 419 error:
我找到了答案,以类似的问题,指出您可以禁用CSRF通过将条目添加到检查$except数组app/Http/Middleware/VerifyCsrfToken.php。我已经验证这确实解决了 419 错误:
protected $except = [
'contact',
'contact*',
];
But of course I wish to keep the Csrf functionality, and I only updated the $exceptarray for troubleshooting value.
但是当然我希望保留 Csrf 功能,并且我只更新了$except数组以用于故障排除值。
Does anyone know what may be different about the new Laravel environment that would have this 419 behavior despite passing the generated token? I have tried updating a number of ENV settings and toggling different things, but nothing other than modifying the $exceptarray has had any influence on the issue.
有谁知道尽管传递了生成的令牌,但新的 Laravel 环境可能会有这种 419 行为?我已经尝试更新许多 ENV 设置并切换不同的东西,但除了修改$except数组外,没有其他东西对这个问题产生任何影响。
Update
更新
Since there has been a bit of discussion so far, I figured I'd provide some additional info and code.
由于到目前为止已经有一些讨论,我想我会提供一些额外的信息和代码。
First, this is an ajax form, but don't jump out of your seat just yet. I have been testing the form both with and without ajax. If I want to test with ajax, I just click the button that's hooked up to the jQuery listener. If not, I change or remove the button's ID, or run $("#formName").submit();in the console window.
首先,这是一个 ajax 形式,但现在不要跳出你的座位。我一直在测试有和没有 ajax 的表单。如果我想用 ajax 进行测试,我只需单击连接到 jQuery 侦听器的按钮。如果没有,我会更改或删除按钮的 ID,或者$("#formName").submit();在控制台窗口中运行。
The above (ajax, old-fashioned submit, and the jquery selector with .submit();) all result in the exact same response - a 419 error.
以上(ajax、老式提交和带有 的 jquery 选择器.submit();)都导致完全相同的响应 - 419 错误。
And for the sake of completeness, here's my ajax code which is working on all of the other websites I'm hosting. I define a postData array to keep it all tidy, and I added a console.log()statement directly after it to (again) confirm that token is generated just fine and is being passed correctly with the request.
为了完整起见,这里是我的 ajax 代码,它适用于我托管的所有其他网站。我定义了一个 postData 数组来保持它的整洁,并console.log()在它之后直接添加了一个语句来(再次)确认令牌生成得很好并且正在与请求一起正确传递。
var postData = {
name: $("#name").val(),
email: $("#email").val(),
message: $("#message").val(),
_token: $("input[name=_token]").val()
};
console.log(postData);
$.post("/contact", postData, function (data) {
...
Any ideas? Could there be a configuration issue with my ENV or another file?
有任何想法吗?我的 ENV 或其他文件是否存在配置问题?
Progress Update!
进度更新!
Because the other sites are working just fine, I cloned an old site and simply overwrote the files that I changed for the new website, and bam! It's working now. Doing a little bit more digging, I ran php artisan --versionon the cloned version of the site versus the non-working version, and here are the results:
因为其他站点运行良好,我克隆了一个旧站点并简单地覆盖了我为新站点更改的文件,砰!它现在正在工作。做更多的挖掘,我运行php artisan --version了站点的克隆版本与非工作版本,结果如下:
Working Version: Laravel Framework 5.7.3
Non-working Version: Laravel Framework 5.7.9
工作版本:Laravel 框架 5.7.3
非工作版本:Laravel Framework 5.7.9
Perhaps this is a bug with Laravel? Or perhaps some packages on my server are out of date and need to be updated to work with the new version of Laravel?
也许这是 Laravel 的一个错误?或者我服务器上的某些软件包可能已经过时,需要更新才能与新版本的 Laravel 一起使用?
回答by Magus
just found your issue on the framework repo. It is not a laravel issue, your installation is missing write permissions on the storage folder, thus laravel can't write session, logs, etc.
刚刚在框架回购中发现了您的问题。这不是 Laravel 问题,您的安装缺少存储文件夹的写入权限,因此 Laravel 无法写入会话、日志等。
You get a 419 error because you can't write to the files, thus you can't create a sessionn, thus you can't verify the csrf token.
您收到 419 错误,因为您无法写入文件,因此您无法创建 sessionn,因此您无法验证 csrf 令牌。
Quick fix: chmod -R 777 storage
快速解决: chmod -R 777 storage
Right fix: move your installation to a folder where nginx/apache/your user can actually write.
If you are using nginx/apache, move you app there and give the right permissions on the project (chown -R www-data: /path-to-project)If you are using php artisan serve, change it's permissions to your user: chown -R $(whoami) /path-to-project
正确修复:将您的安装移动到 nginx/apache/您的用户可以实际写入的文件夹。如果您使用的是 nginx/apache,请将您的应用程序移到那里并为项目授予正确的权限(chown -R www-data: /path-to-project)如果您使用的是 php artisan serve,请将其权限更改为您的用户:chown -R $(whoami) /path-to-project
You get it, let writers write and you're good.
你明白了,让作家写作,你就很好。
回答by Reuben The Coder
Check out my answer to this question if it would be of help to what you are trying to achieve Form post request return error 419 unknown status laravel
查看我对这个问题的回答是否对您尝试实现表单发布请求返回错误 419 未知状态 laravel 有帮助
回答by Mostafa Nobaqi
run this command php artisan key:generate
运行此命令 php artisan key:generate
回答by crash
Probably your domain in browser address bar does not match domainkey in config/session.phpconfig file or SESSION_DOMAINin your env file.
可能您在浏览器地址栏中的域与配置文件或env 文件中的domain键不匹配。config/session.phpSESSION_DOMAIN
回答by TEFO
test this code
测试这段代码
Route::get('/contact', [
'uses' => 'ContactController@index',
'nocsrf' => true,
]);
Route::post('/contact', [
'uses' => 'ContactController@contactSubmit',
'nocsrf' => true,
]);
or you can delete hole csrf
或者你可以删除孔 csrf
protected $except = [
'*'
];
