laravel 为什么在使用 Form::open() 时我的 CSRF 令牌为空?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34422751/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why is my CSRF token empty when using Form::open()?
提问by Damon
I am juststarting out so please forgive me. I have a solid grasp on CodeIgniter, so I understand what is going on. However, I am noticing that my CSRF token is empty when I am creating a form. I am working through the laracasts videos to get a gasp on Laravel workflow.
我刚刚开始,所以请原谅我。我对 CodeIgniter 有很好的掌握,所以我明白发生了什么。但是,我注意到在创建表单时我的 CSRF 令牌为空。我正在浏览 laracasts 视频,以了解 Laravel 的工作流程。
myfile.blade.php
我的文件.blade.php
{!! Form::open((array('action' => 'MyController@method'))) !!}
...
{{!! Form::close() !!}}
Here is what I am getting when I view the source:
这是我查看源代码时得到的信息:
<form method="POST" action="http://mysite.dev/route" accept-charset="UTF-8">
<input name="_token" type="hidden">
</form>
I've looked through the config directory, but see nothing on having to enable csrf. Is there an additional setting somewhere I need to update?
我查看了 config 目录,但没有看到必须启用 csrf 的任何内容。我需要更新的地方是否有其他设置?
Thank you for your suggestions.
谢谢你的建议。
EDIT
编辑
Even this gives me an empty hidden input field:
即使这给了我一个空的隐藏输入字段:
{{ Form::token() }} // <input name="_token" type="hidden">
EDIT
编辑
Here is what my controller looks like:
这是我的控制器的样子:
//use Illuminate\Http\Request;
use Request;
use App\Article;
use App\Http\Requests;
use App\Http\Controllers\Controller;
public function store(Request $request)
{
$input = Request::all();
return $input;
}
So my updated form tag looks like this:
所以我更新的表单标签看起来像这样:
{!! Form::open((array('action' => 'ArticleController@store'))) !!}
...
When I submit, I can see the json response - the token is obviously empty.
当我提交时,我可以看到 json 响应 - 令牌显然是空的。
{"_token":"","title":"test","body":"test"}
回答by Thomas Kim
The Laravel Fundamental series is for Laravel 5.0 so you have a few options. You can install Laravel 5.0 to continue with that series. In order to install L5.0, you need to run this command:
Laravel Fundamental 系列适用于 Laravel 5.0,所以你有几个选择。您可以安装 Laravel 5.0 以继续该系列。为了安装 L5.0,您需要运行以下命令:
composer create-project laravel/laravel {directory} "~5.0.0" --prefer-dist
If you want to use Laravel 5.2 though (which I would recommend and Jeffrey Way will most likely release a series on this soon), there are several extra things to take into consideration.
如果你想使用 Laravel 5.2(我会推荐它并且 Jeffrey Way 很可能很快会发布一个关于这个的系列),还有一些额外的事情需要考虑。
First, put all your routes inside a "web" middleware group like this:
首先,把你所有的路由放在一个“web”中间件组中,如下所示:
Route::group(['middleware' => ['web']], function () {
// Put your routes inside here
});
In the past, there were several middlewares that ran on every request by default. In 5.2, this is no longer the case. For example, the token is stored in the session, but in 5.2, things like the "StartSession" middleware are not automatically applied. As a result, the "web" middleware need to be applied to your routes. The reason for this change in 5.2:
过去,默认情况下有几个中间件在每个请求上运行。在 5.2 中,情况不再如此。例如,令牌存储在会话中,但在 5.2 中,不会自动应用诸如“StartSession”中间件之类的东西。因此,需要将“web”中间件应用于您的路由。5.2中发生这种变化的原因:
Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a
webgroup, and perhaps the rate limiter in theapigroup.
中间件组允许您将多个路由中间件分组在一个方便的键下,允许您一次将多个中间件分配给一个路由。例如,这在同一应用程序中构建 Web UI 和 API 时非常有用。您可以将会话和 CSRF 路由
web分组到一个组中,并且可能将速率限制器api分组到该组中。
Also, in the Laravel Fundamental series, Jeffrey pulls in the "illuminate/html" package, but now, most people use the laravel collective package. They handle a lot of the Laravel packages that are taken out of the core. As a result, I would remove the "illuminate/html" package. In your composer.jsonfile, remove "illuminate/html: 5.0"(or whatever is in the require section). Also, remove the corresponding service provider and form facades that you added to your config/app.phpfile.
另外,在 Laravel Fundamental 系列中,Jeffrey 引入了“illuminate/html”包,但现在,大多数人使用的是 laravel 集体包。他们处理了很多从核心中取出的 Laravel 包。因此,我将删除“illuminate/html”包。在您的composer.json文件中,删除"illuminate/html: 5.0"(或 require 部分中的任何内容)。此外,删除您添加到config/app.php文件中的相应服务提供者和表单外观。
To install the laravel collective version, add this in your composer.jsonfile instead: "laravelcollective/html": "5.2.*-dev". Then, run composer update. Once that's done, in your config/app.phpfile, add this to your providers array:
要安装 Laravel 集体版本,请在您的composer.json文件中添加以下内容:"laravelcollective/html": "5.2.*-dev". 然后,运行composer update。完成后,在您的config/app.php文件中,将其添加到您的 providers 数组中:
Collective\Html\HtmlServiceProvider::class,
and add this to your aliases array:
并将其添加到您的别名数组中:
'Form' => Collective\Html\FormFacade::class,
'Html' => Collective\Html\HtmlFacade::class,
I hope I'm not missing anything else.
我希望我没有遗漏任何其他东西。
回答by Jimmy Obonyo Abor
This is a config issue .You need to set the app key in your config file ...config/app.phpto a 32 character string or use artisan cli php artisan key:generateto genearte the key for you to be able to use the CSRF token .
这是一个配置问题。您需要将配置文件中的 app 密钥设置...config/app.php为 32 个字符的字符串或使用 artisan cliphp artisan key:generate生成密钥,以便您能够使用 CSRF 令牌。
Also make sure that you include routes that use the CSRF token in the webgroup route .
还要确保在web组 route 中包含使用 CSRF 令牌的路由。
You may exclude URIs by defining their routes outside of the web middleware group that is included in the default routes.php file, or by adding the URIs to the $except property of the VerifyCsrfToken middleware: http://laravel.com/docs/5.2/routing#csrf-protection
您可以通过在包含在默认 routes.php 文件中的 web 中间件组之外定义它们的路由来排除 URI,或者通过将 URI 添加到 VerifyCsrfToken 中间件的 $except 属性:http://laravel.com/docs/ 5.2/routing#csrf-protection
回答by Sevenearths
If you have a login page and you want to clear out the session using:
如果您有一个登录页面并且您想使用以下方法清除会话:
Session::flush();
Don't forget that this also cleans out the csrf token before it can be put in the view
不要忘记,这也会在将 csrf 令牌放入视图之前清除它
回答by Kaleemullah
I have solved the issue of HtmlService provider actually 5.2 version removed Illuminate and add collective follow the step to solve the issue:
我已经解决了 HtmlService provider 的问题,实际上 5.2 版本删除了 Illuminate 并添加了集体按照步骤解决问题:
composer require laravelcollective/htmlcomposer update- add in config/app.php
composer require laravelcollective/htmlcomposer update- 添加在 config/app.php
'providers' => ['Collective\Html\HtmlServiceProvider'],
'aliases' => [
'Form' => 'Collective\Html\FormFacade',
'Html' => 'Collective\Html\HtmlFacade',
],
'providers' => ['Collective\Html\HtmlServiceProvider'],
'aliases' => [
'Form' => 'Collective\Html\FormFacade',
'Html' => 'Collective\Html\HtmlFacade',
],
Then you are able to use that form.
然后你就可以使用那个表格了。
回答by Chaudhry Waqas
It should be
它应该是
{!! Form::open((array('action' => 'MyController@method'))) !!}
...
{!! Form::close() !!}
