douan7529 2018-06-29 05:37
浏览 360
已采纳

即使设置了meta中的csrf_token,Laravel + ReactJS页面也已过期

I'm building a web application using Laravel 5.6 and ReactJS 16.4.1.

I have set the csrf_token on my master.blade.php on the <head> as follows:

<meta name="csrf-token" content="{{csrf_token()}}">

Then on my reactJs, I loaded my registration component like so:

export default class RegistrationForm extends Component {
    render() {
        return (
            <React.Fragment>
                <form method="post" action={this.props.actionUrl}>
                    <div className="form-group">
                      <label htmlFor="txtEmail">Email</label>
                      <input type="email" name="txtEmail" id="txtEmail" className="form-control" placeholder="Email" />
                    </div>
                    <div className="form-group">
                      <label htmlFor="exampleInputPassword1">Password</label>
                      <input type="password" name="txtPassword" id="txtPassword" className="form-control" placeholder="Password" />
                    </div>
                    <div className="text-right">
                        <button type="submit" name="btnRegister" id="btnRegister" className="btn btn-primary">Register</button>
                    </div>
                </form>
            </React.Fragment>
        );
    }
}

Then when I hit the register button, I am being redirected to a The page has expired due to inactivity. Please refresh and try again. page.

I'm not sure why this is still happening even I have the csrf-token meta already.

I have tried this already but still does not work.

But when I remove the VerifyCsrfToken on the Kernel.php, it works. \App\Http\Modules\Common\Middleware\VerifyCsrfToken::class

Is it safe to remove this class? Though I still want to have the csrf validation as to why I do not want to just remove it on the middleware.

  • 写回答

1条回答 默认 最新

  • dtkjthe4025 2018-07-02 03:00
    关注

    I've manually added a hidden field with the {{csrf_token()}} as the value and it now works. It seems that on reactjs, this field should be added manually aside from the meta csrf token.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 汇编语言除法溢出问题
  • ¥65 C++实现删除N个数据列表共有的元素
  • ¥15 Visual Studio问题
  • ¥15 state显示变量是字符串形式,但是仍然红色,无法引用,并显示类型不匹配
  • ¥20 求一个html代码,有偿
  • ¥100 关于使用MATLAB中copularnd函数的问题
  • ¥20 在虚拟机的pycharm上
  • ¥15 jupyterthemes 设置完毕后没有效果
  • ¥15 matlab图像高斯低通滤波
  • ¥15 针对曲面部件的制孔路径规划,大家有什么思路吗