php 在 Laravel 5 中,如何禁用特定路由的 VerifycsrfToken 中间件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31223189/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
In Laravel 5, How to disable VerifycsrfToken middleware for specific route?
提问by Ariful Haque
I am using Laravel 5 for developing an app. My app is connected with VendHQ API and I am intended to get some data from VendHQ through their webhook. As per their Documentation
我正在使用 Laravel 5 开发应用程序。我的应用程序与 VendHQ API 连接,我打算通过他们的 webhook 从 VendHQ 获取一些数据。根据他们的文档
When an event happens and triggers a webhook, we'll send a POST request to a URL of your choosing. The POST request will be in the UTF-8 charset, and application/x-www-form-urlencoded encoding.
当事件发生并触发 Webhook 时,我们将向您选择的 URL 发送 POST 请求。POST 请求将采用 UTF-8 字符集和 application/x-www-form-urlencoded 编码。
The problem is, when they try to send a POST request to my Laravel app, no CSRF Token is added in their post request and VerifyCsrfTokenmiddleware is looking for a token and finally it throws a TokenMismatchException.
问题是,当他们尝试向我的 Laravel 应用程序发送 POST 请求时,他们的 post 请求中没有添加 CSRF 令牌,VerifyCsrfToken中间件正在寻找令牌,最后它抛出一个TokenMismatchException.
My question is, how can I avoid this default VerifyCsrfTokenMiddleware for some specific routes while keeping other post requests active?
我的问题是,如何VerifyCsrfToken在保持其他发布请求处于活动状态的同时避免某些特定路由的默认中间件?
采纳答案by Alex Kyriakidis
CSRF is enabled by default on all Routes in Laravel 5, you can disable it for specific routes by modifying app/Http/Middleware/VerifyCsrfToken.php
在 Laravel 5 的所有路由上默认启用 CSRF,您可以通过修改 app/Http/Middleware/VerifyCsrfToken.php 为特定路由禁用它
//app/Http/Middleware/VerifyCsrfToken.php
//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];
//modify this function
public function handle($request, Closure $next)
{
//add this condition
foreach($this->openRoutes as $route) {
if ($request->is($route)) {
return $next($request);
}
}
return parent::handle($request, $next);
}
回答by user3252599
In Laravel 5 this has chagned a bit. Now you can simply add the routes you want to exclude from csrftoken verification, in $exceptarray of the class
在 Laravel 5 中,这发生了一些变化。现在您可以简单地$except在类的数组中添加要从 csrftoken 验证中排除的路由
'VerifyCsrfToken' (\app\Http\Middleware\VerifyCsrfToken.php):
'VerifyCsrfToken' (\app\Http\Middleware\VerifyCsrfToken.php):
class VerifyCsrfToken extends BaseVerifier
{
protected $except = [
// Place your URIs here
];
}
Examples:
例子:
1. If you are using a route group:
1. 如果您使用路由组:
Route::group(array('prefix' => 'api/v2'), function()
{
Route::post('users/valid','UsersController@valid');
});
Your $exceptarray looks like:
你的$except数组看起来像:
protected $except = ['api/v2/users/valid'];
2. If you are using a simple route
2.如果你使用的是简单的路线
Route::post('users/valid','UsersController@valid');
Your $exceptarray looks like:
你的$except数组看起来像:
protected $except = ['users/valid'];
3. If you want to exclude all routes under main route (users in this case)
3.如果要排除主路由下的所有路由(本例中的用户)
Your $exceptarray looks like:
你的$except数组看起来像:
protected $except = ['users/*'];
see: http://laravel.com/docs/master/routing#csrf-excluding-uris
见:http: //laravel.com/docs/master/routing#csrf- exclude-uris
回答by Abraham
If you are using the version 5.2 then in: app/Http/Middleware/VerifyCsrfToken.php you can add the route to the attribute: protected $except: For example:
如果您使用的是 5.2 版,则在:app/Http/Middleware/VerifyCsrfToken.php 中,您可以将路由添加到属性:protected $except: 例如:
protected $except = [
'users/get_some_info',
];
The portion users would be your controller, "get_some_info" would be the action. After you perform this change, make sure you add the route in your routes.php.
用户部分将是您的控制器,“get_some_info”将是操作。执行此更改后,请确保在 routes.php 中添加路由。
回答by Sunilspr7
Add your route to App\Http\Middleware\VerifyCsrfToken.phpfile:
将您的路线添加到App\Http\Middleware\VerifyCsrfToken.php文件:
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'route-name-1', 'route-name-2'
];
