How to prevent Laravel Routes from being accessed directly (i.e. non-ajax requests)
Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Original source: http://stackoverflow.com/questions/32584700/
Asked by Neel
In my project, I am using Laravel purely as a backend api and all frontend is handled by Angular javascript. At the moment, the Laravel routes can be accessed directly and it will cough out all the data in Json that shows in the browser. I want to put a restriction on it so Laravel only responds to Ajax requests and nothing else.
I read this post here which has a solution for Laravel 4 that is by adding a restriction in filter.php. But as of Laravel 5.1, filters are no longer used and I believe Middleware can be used to do the same. However, I am not sure how to go ahead changing the Laravel 4 solution in that SO answer from filter to Middleware.
Can someone share your ideas on how to prevent Laravel 5.1 routes from being accessed directly please?
Laravel 4 solution using filter.php:
In filter.php declare this filter:
    Route::filter('isAJAX', function()
    {
        if (!Request::AJAX()) return Redirect::to('/')->with(array('route' => Request::path()));
    });
Then put all your routes that you only want accessible via AJAX into a group. In your routes.php:
    Route::group(array('before' => 'isAJAX'), function()
    {
        Route::get('contacts/{name}', 'ContactController@index'); // Or however you declared your route
        // ... More routes
    });
Answered by Javi Stolz
Create the middleware file app/Http/Middleware/OnlyAjax.php with this content:
    <?php

    namespace App\Http\Middleware;

    class OnlyAjax
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, \Closure $next)
        {
            // Reject anything that is not flagged as an AJAX request.
            if ( ! $request->ajax()) {
                return response('Forbidden.', 403);
            }

            return $next($request);
        }
    }
Then register your middleware in the file app/Http/Kernel.php
    <?php namespace App\Http;

    use Illuminate\Foundation\Http\Kernel as HttpKernel;

    class Kernel extends HttpKernel
    {
        /**
         * The application's global HTTP middleware stack.
         *
         * @var array
         */
        protected $middleware = [
            //... your original code
        ];

        /**
         * The application's route middleware.
         *
         * @var array
         */
        protected $routeMiddleware = [
            //... your original code
            'ajax' => \App\Http\Middleware\OnlyAjax::class,
        ];
    }
And finally attach the middleware to any route or group of routes you want to make only accessible via AJAX. i.e:
    // File: routes/web.php

    // Single route
    Route::any('foo', 'FooController@doSomething')->middleware('ajax');

    // Route group
    Route::middleware(['ajax'])->group(function () {
        // ...
    });
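What the ajax middleware above actually tests, as an added example that is not part of the original answer: $request->ajax() is true only when the X-Requested-With request header equals XMLHttpRequest, and the stand-alone PHP below models that check over constructed requests. The names headerValue, onlyAjax and $controller, and all sample headers, are hypothetical.

```php
<?php
// Added illustration, not code from the original answer. It models, without
// Laravel, the test that $request->ajax() performs: the X-Requested-With
// request header must equal "XMLHttpRequest".

/** Case-insensitive lookup, since HTTP header names are case-insensitive. */
function headerValue(array $headers, string $name): ?string
{
    foreach ($headers as $key => $value) {
        if (strcasecmp($key, $name) === 0) {
            return $value;
        }
    }
    return null;
}

/** Stand-in for the OnlyAjax middleware: returns [status, body]. */
function onlyAjax(array $headers, callable $next): array
{
    if (headerValue($headers, 'X-Requested-With') !== 'XMLHttpRequest') {
        return [403, 'Forbidden.'];
    }
    return $next($headers);
}

// Hypothetical controller sitting behind the middleware.
$controller = function (array $headers): array {
    return [200, '{"contacts":[]}'];
};

// Constructed sample requests (header sets only).
$requests = [
    'address-bar navigation' => ['Accept' => 'text/html'],
    'XHR that sets the header' => ['Accept' => 'application/json', 'X-Requested-With' => 'XMLHttpRequest'],
    'fetch()/XHR without the header' => ['Accept' => 'application/json'],
    'non-browser client adding the header' => ['User-Agent' => 'example-client/1.0', 'x-requested-with' => 'XMLHttpRequest'],
];

foreach ($requests as $label => $headers) {
    [$status, $body] = onlyAjax($headers, $controller);
    printf("%-40s %d\n", $label, $status);
}
```

Because any client can send the header, and some browser code (fetch(), AngularJS $http with its default headers) does not send it, the middleware filters casual direct access and is not an authentication control; a frontend that relies on it has to set the header explicitly.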