Laravel X-CSRF-Token mismatch with POSTMAN

Problem description

I try to talk to my REST API built with Laravel. But the call with POSTMAN is rejected due to a token mismatch. I guess I need to include the CSRF token in the header. But do I need the encrypted one? When I insert this token I still get the error that there is a token mismatch.

I retrieve my token by using:

$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
return $encrypted_token;

but is this supposed to change on every refresh?

Recommended answer

If you aren't using forms - for an API for example - you can follow the steps here https://gist.github.com/ethanstenis/3cc78c1d097680ac7ef0:

Essentially, add the following to your blade or twig header

<meta name="csrf-token" content="{{ csrf_token() }}">

Install Postman Interceptor if not already installed, and turn it on

Then, in your browser log into the site (you need to be authorised), and either inspect element or view source to retrieve the token

In Postman, set GET/POST etc as needed, and in your header create a new pair

X-CSRF-TOKEN        tokenvaluetobeinserted235kwgeiOIulgsk

Some people recommend turning off the CSRF token when testing the API, but then you aren't really testing it, are you?

If you do find you still have errors, check the response back using preview, as Laravel tends to be fairly explicit with their error messages. If nothing is coming back, check your php_error.log (whatever it is called).

PS Oct 2018 - I now use Laravel Passport for handling API registration, logins and user tokens - worth a look!
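
The "view source and copy the token" step from the answer above can be scripted. The following is an added example, not part of the original answer: `extractCsrfToken`, `csrfHeaders` and the Postman variable name `csrf_token` are names chosen here, and `SAMPLE_HTML` with its token value is constructed.

```javascript
// Constructed sample of a rendered Blade page; the token value is a placeholder.
const SAMPLE_HTML = `<!DOCTYPE html>
<html><head>
  <meta charset="utf-8">
  <meta content="CONSTRUCTEDtoken0123456789abcdefABCDEF01" name="csrf-token">
  <title>Dashboard</title>
</head><body></body></html>`;

// Return the content of <meta name="csrf-token">, or null when the page has
// none (for example, a login redirect was served instead of the real page).
function extractCsrfToken(html) {
  const metaTags = html.match(/<meta\b[^>]*>/gi) || [];
  for (const tag of metaTags) {
    const attrs = {};
    // Collect attributes regardless of their order or quote style.
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
    let m;
    while ((m = attrRe.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
    }
    if (attrs.name === 'csrf-token' && attrs.content) return attrs.content;
  }
  return null;
}

// Build the header pair described in the answer; fail loudly if no token.
function csrfHeaders(html) {
  const token = extractCsrfToken(html);
  if (token === null) {
    throw new Error('csrf-token meta tag not found; is the session logged in?');
  }
  return { 'X-CSRF-TOKEN': token };
}

// Inside Postman's script sandbox, keep the token for later requests and
// reference it as {{csrf_token}} in the X-CSRF-TOKEN header value.
if (typeof pm !== 'undefined') {
  pm.environment.set('csrf_token', extractCsrfToken(pm.response.text()));
}
```

The token is bound to the session it was issued for, so the request must carry that session's cookie as well as the header.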
