doujie7346 2017-09-30 15:29
浏览 55
已采纳

从外部发送到laravel应用程序时出现TokenMismatchException

So I have an application that sends an AJAX request to an external server which does some stuff then makes a post call to the laravel application that made the initial call.

So I am trying to do a POST call to the laravel application. Now from the AJAX request i am sending the csrf_token()

Here are the headers I've put into my post request:

X-CSRF-TOKEN: LO8Dg7j1jZssXXGSLIa8inBgh2Y1QSsp6Birc1Ui
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded

That token belongs to the logged in user that made the AJAX request. Now the problem i'm getting is from this i get a TokenMismatchException500 error.

Is there something else I need to do in my external post calls headers in order to not encounter this error?

As i've got the CSRF token i am using a rest client to try send a test post using those headers and I get the same error?

The aim is on the recieving laravel app controller will then be able to use the token and i'll be able to use $request->user(); to get the user.

Note the recieving route has the web middleware attached to it.

  • 写回答

1条回答 默认 最新

  • duanba5777 2017-09-30 15:33
    关注

    Since you are making request from another server external url.Because of this you are getting erorr.Csrf token works with the same application not working if you try to exicute from other application. so you can disable csrf token.

    if you want to disable token for all request then add this in VerifyCsrfToken

      protected $except = [
            '/*',
        ];

    Excluding URIs From CSRF Protection

    Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

    Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

    <?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
    ];
}

    Ref: https://laravel.com/docs/5.5/csrf

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场 部分对应不上
  • ¥15 如何在scanpy上做差异基因和通路富集?
  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?