weixin_33738555 2017-12-12 12:59 Acceptance rate: 0%
Views: 44

Laravel 419 (unknown status)

I am making an AJAX request from a subdomain to the main domain. I have set up CORS so that the subdomain is attached automatically to the allowed domain listing. I am getting a 419 (unknown status) error, and upon dumping the error I found out that I am getting a TokenMismatchException.

I also noticed that this is in fact true, because I saw:

"_token" => "h7I07Iv0m4sF7XHhXjtygnfCtITgzCi3Ml8lfT7Z" // <-- sent
"_token" => "N118Izko7j5uf851MpijBXInFLaUVicRdf9uw3h4" // <-- in session

I am obviously sending token with my AJAX request as I see it in the headers section when inspecting the request.

I suppose there is some mismatch going on because I am traversing from my subdomain to my domain.

How can I align tokens across my main domain and all subdomains so that I don't get an exception?

NOTE

All AJAX routes are receiving a token from

<meta name="csrf-token" content="{{ csrf_token() }}">

Attaching it to every request in

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

EDIT

I have placed this under session.php

"domain" => "." . env('APP_URL'),

because of the cookies, even though honestly I'm not sure what it does

1 answer

  • 七度&光 2018-04-01 18:59

    Session sharing across multiple domains... There can be tweaks to do it. To make a cookie available in all the subdomains you need to assign it to the root domain.

     session.cookie_domain = ".example.com"
    

    Personally I would recommend a different approach (but it also depends on other factors upon which I don't have full visibility from your question....)

    Perform the AJAX call from/to the same subdomain (CSRF middleware protected, standard CSRF usage). On the controller, perform a server-to-server backend call to your main domain (e.g. a curl_exec).

    The server-to-server call is not visible and you can protect it... e.g. at network level or by adding an OAuth server if the two domains communicate through the internet.
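
The cookie scoping discussed in this thread, as an added example that is not part of the original question or answer: a simplified model of the RFC 6265 domain-match rule, showing which hosts receive a session cookie that is host-only, scoped to the root domain, or given a Domain value built from a full URL. All hostnames are constructed sample values, and the model assumes the cross-origin request is sent with credentials.

```javascript
// Added example. Hostnames are constructed sample values.
// Simplified model of RFC 6265 cookie scoping: hostnames only (no IP
// addresses), no public-suffix check, no Path/Secure/SameSite handling.

// RFC 6265 5.2.3: lowercase the Domain attribute and ignore one leading dot.
function normalizeDomainAttr(value) {
  const v = String(value).trim().toLowerCase();
  return v.startsWith('.') ? v.slice(1) : v;
}

// RFC 6265 5.1.3: hosts match when identical, or when host ends with "." + domain.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  return h === domain || h.endsWith('.' + domain);
}

// cookie = { setBy: host that sent Set-Cookie, domainAttr: string or null }
function cookieSentTo(cookie, requestHost) {
  const domain = cookie.domainAttr === null ? '' : normalizeDomainAttr(cookie.domainAttr);
  if (domain === '') {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return requestHost.toLowerCase() === cookie.setBy.toLowerCase();
  }
  // The browser drops a cookie whose Domain does not cover the setting host.
  if (!domainMatch(cookie.setBy, domain)) return false;
  return domainMatch(requestHost, domain);
}

// Hosts from the list that would receive the cookie.
function recipients(cookie, hosts) {
  return hosts.filter((h) => cookieSentTo(cookie, h));
}

const HOSTS = ['example.com', 'app.example.com', 'api.example.com', 'notexample.com'];
const hostOnly = { setBy: 'app.example.com', domainAttr: null };
const rootScoped = { setBy: 'app.example.com', domainAttr: '.example.com' };
// A Domain built by prefixing "." to a full URL is not a hostname.
const urlAsDomain = { setBy: 'app.example.com', domainAttr: '.http://example.com' };

console.log('host-only   ->', recipients(hostOnly, HOSTS));
console.log('root domain ->', recipients(rootScoped, HOSTS));
console.log('URL value   ->', recipients(urlAsDomain, HOSTS));
```

Scoping the session cookie to the root domain hands it to every host under that domain, so each subdomain needs the same level of trust as the main application.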
