douwei1128
2015-02-17 08:14
浏览 11
已采纳

如何在控制器上检查令牌(CSRF)?

There is some option on Laravel that we allow Laravel to create a token and test it on server side to pull up CSRF attacks.

I found this on Laravel website, But didn't say how to check from Controller that is an attack or from a native and real page.

How to check the token (CSRF) on controller?

图片转代码服务由CSDN问答提供 功能建议

Laravel上有一些选项允许Laravel创建一个令牌并在服务器端测试它以提升CSRF 攻击。

我发现这个 Laravel网站,但没有说如何从Controller检查是一个攻击还是来自本地和真实页面。

如何检查控制器上的令牌(CSRF)?

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dtcd27183 2015-02-17 08:19
    已采纳

    Assuming you use laravel 4.x:

    You don't need to check this in your controller. defining the before parameter tells laravel to check this automaticly.

    Route::post('profile', array('before' => 'csrf', function(){ 
        /* CSRF validated! */  
    }));
    

    If you want to do something when the token is incorrect, you can change the filter in app/filters.php. This one:

    Route::filter('csrf', function()
    {
        if (Session::token() != Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });
    
    打赏 评论
  • dopuzf0898 2015-02-17 08:40

    Answer for Laravel 5

    In Laravel 5 middleware replaces filters. This is also true for CSRF. The middleware is enabled by default and is handled in App\Http\Middleware\VerifyCsrfToken.

    It can be disabled by removing App\Http\Middleware\VerifyCsrfToken in App\Http\Kernel. And if moved to $routeMiddleware...

    protected $routeMiddleware = [
        'auth' => 'App\Http\Middleware\Authenticate',
        'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
        'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
        'csrf' => 'App\Http\Middleware\VerifyCsrfToken',
    ];
    

    ... it can be used conditionally by adding it to a route:

    Route::post('foo', ['middleware' => 'csrf', 'uses' => 'BarController@foo']);
    

    Or in the controllers constructor:

    public function __construct(){
        $this->middleware('csrf');
    }
    
    打赏 评论

相关推荐 更多相似问题