使用 csrf 令牌从 android 应用程序访问 laravel 应用程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31627477/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
access laravel app from android app with csrf token
提问by ddw147
I am leaning laravel framework, i have installed 5.0 version. i use it for json api service which will give JSON output after calling certain route. it works very well if i requrest URL from browser. but when i am trying to access from my android app it gives error that file not found exception (java.io.filenotfoundexception). after checking log i got point that laravel has error of Token Mismatch Exception. laravel need csrf token to access it resources. I have option that i can disable that authentication but it seem less secure way.
我正在学习 Laravel 框架,我已经安装了 5.0 版本。我将它用于 json api 服务,它将在调用某些路由后提供 JSON 输出。如果我从浏览器请求 URL,它工作得很好。但是当我尝试从我的 android 应用程序访问时,它给出了文件未找到异常(java.io.filenotfoundexception)的错误。检查日志后,我发现 Laravel 有令牌不匹配异常错误。laravel 需要 csrf 令牌来访问它的资源。我可以选择禁用该身份验证,但它似乎不太安全。
can somehow i can allow access to laravel app from my android app not from other app ? can we specify csrf key from android app ?
我可以以某种方式允许从我的 android 应用程序而不是其他应用程序访问 laravel 应用程序吗?我们可以从 android 应用程序指定 csrf 密钥吗?
回答by Ben Claar
If you don't want to disable CSRF tokens, then you will need to retrieve the CSRF in one request, then pass the retrieved token along with your POST request.
如果您不想禁用 CSRF 令牌,那么您需要在一个请求中检索 CSRF,然后将检索到的令牌与您的 POST 请求一起传递。
// Create a new HttpClient and Post Header
HttpClient httpclient = new DefaultHttpClient();
// Get the CSRF token
httpClient.execute(new HttpGet("http://www.yoursite.com/"));
CookieStore cookieStore = httpClient.getCookieStore();
List <Cookie> cookies = cookieStore.getCookies();
for (Cookie cookie: cookies) {
if (cookie.getName().equals("XSRF-TOKEN")) {
CSRFTOKEN = cookie.getValue();
}
}
// Access POST route using CSRFTOKEN
HttpPost httppost = new HttpPost("http://www.yoursite.com/your-post-route");
try {
// Add your data
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
nameValuePairs.add(new BasicNameValuePair("_token", CSRFTOKEN));
nameValuePairs.add(new BasicNameValuePair("stringdata", "Hello!"));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
// Execute HTTP Post Request
HttpResponse response = httpclient.execute(httppost);
} catch (ClientProtocolException e) {
// TODO Auto-generated catch block
} catch (IOException e) {
// TODO Auto-generated catch block
}
回答by H. ELKINA
I tried
我试过
...
nameValuePairs.add(new BasicNameValuePair("_token", CSRFTOKEN));
...
But it doesn't work
但它不起作用
If you can try
如果你可以尝试
request.addHeader("X-CSRF-Token", token);
it works for me
这个对我有用
