dpwo36915 2016-12-19 09:19
浏览 58
已采纳

Angular2和Laravel CSRF保护

I have already read some topics

And the problem I encountered is lies in this piece of code

<meta property="csrf-token" name="csrf-token" content="{{ csrf_token() }}">

I'm using Angular2 as core engine, which sending AJAX requests to Laravel API and I'm not using blade templates - just .html files, so I can't call php function csrf_token() from html file

So, I added a temporary solution by extending my /var/www/pandacrm/app/Http/Middleware/VerifyCsrfToken.php file

public function handle($request, Closure $next)
{
    if ( ! $request->is('api/*'))
    {
        return parent::handle($request, $next);
    }

    return $next($request);
}

But it seems not the best way to work around, is there any other solutions to resolve this issue?

  • 写回答

1条回答 默认 最新

  • dongqia0240 2016-12-20 04:52
    关注

    You can create a meta tag with csrf-token by using JavaScript in your html file!

    How to do this:

    Send an Ajax request to Laravel Route to get token. (return csrf-token in a Controller action) And then create a meta tag with that token in your html file.

    But before doing this, you have to disable csrf protection on that specific route. There is a way to do this here for laravel5 and here for 5.3.

    Now you have a meta tag with csrf that can be used for other ajax requests.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站
  • ¥50 成都蓉城足球俱乐部小程序抢票
  • ¥15 yolov7训练自己的数据集
  • ¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)(相关搜索:51单片机|单片机|测试代码)
  • ¥15 电力市场出清matlab yalmip kkt 双层优化问题
  • ¥30 ros小车路径规划实现不了,如何解决?(操作系统-ubuntu)