doudiandi6967 2016-11-04 16:44
浏览 55

CSRF跨多个应用程序/服务

I have 2 applications under the same domain, 1 running from a PHP 5.6 server with Laravel 5.2 backend & Angular2 frontend, and the other with a custom framework on a PHP 5.3 server with flat javascript frontend. In each application I have a csrf token. The older server (5.3) has a custom csrf generator, but the laravel one uses laravel's VerifyCsrfToken.php middleware.

I occasionally need to call an old API from the angular2 frontend, but the csrf tokens do not match. How do I implement a custom csrf token generator in laravel?

  • 写回答

1条回答 默认 最新

  • douren7179 2016-11-07 15:03
    关注

    You could create a OldTokenClassand pass the token to all your views. However, it's hard for me to speculate on what should be in OldTokenClass with the information you provide. Essentially, you should be able to generate or obtain the old app token from that class.

    Something like

    //Route
use App\Service\OldTokenClass;

view()->composer('*', function ($view) {
    $tokenGen =  new OldTokenClass();

    return $view->with('old_crsf_token', $tokenGen->get());

});

    Then in your view layout you could do something like

        <meta name="old-csrf-token" content="{{$old_crsf_token}}">

    and use it with angular.

    评论

报告相同问题?

悬赏问题

  • ¥15 为什么使用javacv转封装rtsp为rtmp时出现如下问题:[h264 @ 000000004faf7500]no frame?
  • ¥15 乘性高斯噪声在深度学习网络中的应用
  • ¥15 运筹学排序问题中的在线排序
  • ¥15 关于docker部署flink集成hadoop的yarn,请教个问题 flink启动yarn-session.sh连不上hadoop,这个整了好几天一直不行,求帮忙看一下怎么解决
  • ¥30 求一段fortran代码用IVF编译运行的结果
  • ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
  • ¥15 C++ 头文件/宏冲突问题解决
  • ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
  • ¥50 安卓adb backup备份子用户应用数据失败
  • ¥20 有人能用聚类分析帮我分析一下文本内容嘛