Laravel X-CSRF-Token 与 POSTMAN 不匹配
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30756682/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel X-CSRF-Token mismatch with POSTMAN
提问by sesc360
I try to talk to my REST API built with Laravel. But the call with POSTMAN is rejected due to a token mismatch. I guess I need to include the CSRF token in the header. But do I need the encrypted one? When I insert this token I still get the error that there is a token mismatch.
我尝试与我用 Laravel 构建的 REST API 交谈。但是由于令牌不匹配,与 POSTMAN 的调用被拒绝。我想我需要在标头中包含 CSRF 令牌。但是我需要加密的吗?当我插入这个令牌时,我仍然收到令牌不匹配的错误。
I retrieve my token by using:
我使用以下方法检索我的令牌:
$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
return $encrypted_token;
but is this supposed to change on every refresh?
但这应该在每次刷新时改变吗?
回答by brianlmerritt
If you aren't using forms - for an API for example - you can follow the steps here https://gist.github.com/ethanstenis/3cc78c1d097680ac7ef0:
如果您不使用表单 - 例如对于 API - 您可以按照https://gist.github.com/ethanstenis/3cc78c1d097680ac7ef0此处的步骤操作:
Essentially, add the following to your blade or twig header
基本上,将以下内容添加到您的刀片或树枝头
<meta name="csrf-token" content="{{ csrf_token() }}">
Install Postman Interceptor if not already installed, and turn it on
如果尚未安装,请安装 Postman Interceptor,然后将其打开
Then, in your browser log into the site (you need to be authorised), and either inspect element or view source to retrieve the token
然后,在您的浏览器中登录该站点(您需要获得授权),然后检查元素或查看源以检索令牌
In Postman, set GET/POST etc as needed, and in your header create a new pair
在 Postman 中,根据需要设置 GET/POST 等,并在您的标题中创建一个新对
X-CSRF-TOKEN tokenvaluetobeinserted235kwgeiOIulgsk
Some people recommend turning off the CSRF token when testing the API, but then you aren't really testing it are you.
有些人建议在测试 API 时关闭 CSRF 令牌,但实际上您并不是在测试它。
If you do find you still have errors, check the response back using previewas Laravel tends to be fairly explicit with their error messages. If nothing is coming back, check your php_error.log(what ever it is called).
如果您确实发现仍然有错误,请使用返回检查响应,preview因为 Laravel 的错误消息往往相当明确。如果什么都没有回来,请检查您的php_error.log(它叫什么)。
ps Oct 2018 - I now user Laravel Passport for handling API registration, logins and user tokens - worth a look!
ps 2018 年 10 月 - 我现在使用 Laravel Passport 来处理 API 注册、登录和用户令牌 - 值得一看!
回答by James Taylor
Yes it changes every refresh. You should be putting it in the view and when you post it needs to be sent as the value of the "_token" POST var.
是的,它每次刷新都会改变。你应该把它放在视图中,当你发布它需要作为“_token”POST var的值发送。
If you are just using a standard POST just add this to the form:
如果您只是使用标准 POST,只需将其添加到表单中:
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
If you are using AJAX make sure you grab the value of _token and pass it with the request.
如果您使用 AJAX,请确保获取 _token 的值并将其与请求一起传递。
回答by Katsum0to
Use Postman
Make a GET request to any page that has<meta name="csrf-token" content="{{ csrf_token() }}">
Copy the value from the response.
使用 Postman
向任何具有<meta name="csrf-token" content="{{ csrf_token() }}">
从响应中复制值的页面发出 GET 请求。
Add a header field to your POST request:
向您的 POST 请求添加标头字段:
"X-CSRF-TOKEN: "copied_token_in_previous_get_response"
回答by James Cushing
I had this error while using a baseURLvariable in my Postman environment. Turns out I was calling the site's URL without /apiat the end. Sounds silly, but just to eliminate user error make sure you check that your request URL is based on:
baseURL在 Postman 环境中使用变量时出现此错误。结果我/api在最后没有调用站点的 URL 。听起来很傻,但为了消除用户错误,请确保检查您的请求 URL 是否基于:
? https://<your-site-url>/api
? https://<your-site-url>/api
Not:
不是:
? https://<your-site-url>
? https://<your-site-url>
