duananyantan04633 2017-01-18 10:45
浏览 147
已采纳

在Laravel中更改CSRF失败HTTP响应代码

We're using laravel 5.3's built in csrf protection via {{ csrf_field() }} method.

When we've been running security scans that are obviously failing, the server is returning a 500 Internal Server Error

However this isn't actually a server error - as it is the client sending bad information - thus it should fall into the 400 Error range.

I've done a small bit of digging and cant quite see how it actually returns the 500.

Would anybody be able to suggest how to change this response to something else?

  • 写回答

2条回答 默认 最新

  • doufen5175 2017-01-18 10:58
    关注

    You can override this through your App/Http/Middleware/VerifyCSRFToken.php file like so:

    <?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
use Illuminate\Session\TokenMismatchException;

class VerifyCsrfToken extends BaseVerifier {

    public function handle($request, Closure $next) {
        try {
            return parent::handle($request, $next);
        } catch (TokenMismatchException $ex) {
            // throw custom exception like so: throw new CustomException($ex->getMessage());
            // or new HttpException with response code like so: abort(403, $ex->getMessage());
        }
    }
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 有兄弟姐妹会用word插图功能制作类似citespace的图片吗?
  • ¥200 uniapp长期运行卡死问题解决
  • ¥15 请教:如何用postman调用本地虚拟机区块链接上的合约?
  • ¥15 为什么使用javacv转封装rtsp为rtmp时出现如下问题:[h264 @ 000000004faf7500]no frame?
  • ¥15 乘性高斯噪声在深度学习网络中的应用
  • ¥15 关于docker部署flink集成hadoop的yarn,请教个问题 flink启动yarn-session.sh连不上hadoop,这个整了好几天一直不行,求帮忙看一下怎么解决
  • ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
  • ¥15 C++ 头文件/宏冲突问题解决
  • ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
  • ¥50 安卓adb backup备份子用户应用数据失败