如何在Laravel 5.2中使用Ajax进行CSRF保护

I want to send a Ajax post request but i get some issues with CSRF.

Here is my js code :

 function sendAjaxRequest(index){
    var token = $('meta[name=csrf_token]').attr('content')
    $.ajaxSetup({ headers: { 'csrftoken' : token } });
    $.ajax({
       method: "POST",
        data: '{"value":"10"}', 
       dataType: 'json',
       url: "http://localhost/laravel/public/",
    });
 }

Here is my route from my laravel routes.php file :

Route::post('/','AjaxController@updateOrder');

Here is my console (jQuery issue) :

POST http://localhost/kaemo/public/ 500 (Internal Server Error)

Here is my network preview :

TokenMismatchException in VerifyCsrfToken.php line 67:

Any ideas ?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

dongli8862 2016-08-23 08:01

关注

Try to set CSRF token in X-CSRF-TOKEN like,

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

And add the below code in your app/Http/Middleware/VerifyCsrfToken.php, add the tokenMatch() method to this.

<?php
    /**
     * Determine if the session and input CSRF tokens match.
     *
     * @param \Illuminate\Http\Request $request
     * @return bool
     */
    protected function tokensMatch($request)
    {
        // If request is an ajax request, then check to see if token matches token provider in
        // the header. This way, we can use CSRF protection in ajax requests also.
        $token = $request->ajax() ? $request->header('X-CSRF-Token') : $request->input('_token');

        return $request->session()->token() == $token;
    }