php 在 laravel 中为特定路由禁用 csrf
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31729415/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
disable csrf in laravel for specific route
提问by jedrzej.kurylo
I've a payment system, where data is submitted to 3rd party site and than hauled back...
我有一个支付系统,数据被提交到第 3 方网站,然后被拖回......
When data returns it hits specific url lets say /ok route. $_REQUEST['transaction'].
当数据返回时,它会访问特定的 url,可以说 /ok 路由。$_REQUEST['transaction'].
But because of laravel middleware I'm getting token mismatch. There is no way 3rd party payment API can generate token, so how I disable it? only for this route?
但是由于 Laravel 中间件,我的令牌不匹配。3rd 方支付 API 无法生成令牌,那么我如何禁用它?只针对这条路线?
or is there a better option?
还是有更好的选择?
Route::get('/payment/ok', 'TransactionsController@Ok');
Route::get('/payment/fail', 'TransactionsController@Fail');
public function Ok( Request $request )
{
$transId = $request->get('trans_id');
if ( isset( $transId ) )
{
return $transId;
}
}
回答by jedrzej.kurylo
Since version 5.1Laravel's VerifyCsrfTokenmiddleware allows to specify routes, that are excluded from CSRF validation. In order to achieve that, you need to add the routes to $exceptarray in your App\Http\Middleware\VerifyCsrfToken.phpclass:
由于版本5.1Laravel 的VerifyCsrfToken中间件允许指定路由,这些路由被排除在 CSRF 验证之外。为了实现这一点,您需要将路由添加到App\Http\Middleware\VerifyCsrfToken.php类中的$except数组中:
<?php namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
protected $except = [
'payment/*',
];
}
See the docsfor more information.
有关更多信息,请参阅文档。
