CakePHP: CMS Tutorial: Getting InvalidCsrfTokenException although CSRF protection is not even activated
Problem description
I set up CakePHP 4.0.6 on my Lubuntu, using a local Apache server. Installation went fine, I can see the welcome page.
Then I started the CMS Tutorial, created the tables in the database and then created everything with bake
./cake bake all --everything
This worked fine as well and I could see the /users/index page.
Next of course I tried to play with the CMS by adding a user. The form was shown and I filled in the requested information, but upon submitting I got this error: Missing CSRF token body
Stack trace:
[Cake\Http\Exception\InvalidCsrfTokenException] Missing CSRF token body in /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php on line 254
Stack Trace:
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:133
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:162
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:119
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/debug_kit/src/Middleware/DebugKitMiddleware.php:60
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Server.php:90
- /home/david/Software/cakePhpTest/webroot/index.php:40
Request URL: /users/add
Referer URL: http://localhost:8765/users/add
Client IP: 127.0.0.1
What really puzzles me is that, according to the CakePHP documentation, cross-site request forgery protection would have to be enabled in src/Application.php, which it is not in a freshly installed project. I checked.
So how can something that is not enabled cause an error?
To see what happens if I would enable it, I copied the code from the documentation:
use Cake\Http\Middleware\CsrfProtectionMiddleware;
...
$options = [
// ...
];
$csrf = new CsrfProtectionMiddleware($options);
to the src/Application.php. This led to the same error.
Recommended answer
In the default application skeleton, the CSRF middleware is being registered in a routing scope, something similar is shown in the second example of the docs that you've linked.
$routes->scope('/', function (RouteBuilder $builder) {
    // Register scoped middleware for in scopes.
    $builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([
        'httpOnly' => true,
    ]));

    /*
     * Apply a middleware to the current route scope.
     * Requires middleware to be registered through `Application::routes()` with `registerMiddleware()`
     */
    $builder->applyMiddleware('csrf');

    // ...
});
https://github.com/cakephp/app/blob/4.0.3/config/routes.php#L49-L58
See your config/routes.php file and configure/remove the middleware according to your needs.
If you want to use the CSRF middleware, make sure to delete your cookies for the domain, there has been a change made to CSRF token cookies which is currently incompatible with existing CSRF token cookies, see https://github.com/cakephp/cakephp/issues/14471.
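One way to "configure the middleware according to your needs" without dropping CSRF protection for browser forms, shown as an added example (not part of the original answer or the CakePHP skeleton): keep the middleware on the scope that serves HTML forms and leave it off a separate scope. The /api scope, its Articles resource and the assumption that it is authenticated by a header token rather than a cookie are hypothetical.

```php
<?php
// config/routes.php -- added example, not the skeleton's own file.
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Routing\Route\DashedRoute;
use Cake\Routing\RouteBuilder;

/** @var \Cake\Routing\RouteBuilder $routes */
$routes->setRouteClass(DashedRoute::class);

// Hypothetical API scope, declared first so its routes are connected
// before the catch-all fallbacks below. No CSRF middleware is applied here.
// Assumption: these endpoints authenticate with a token sent in a request
// header, never with the session cookie. If a browser cookie can
// authenticate a request in this scope, apply 'csrf' here as well.
$routes->scope('/api', function (RouteBuilder $builder) {
    $builder->setExtensions(['json']);
    $builder->resources('Articles'); // hypothetical resource
});

// Browser-facing scope: this is where /users/add from the question lives.
$routes->scope('/', function (RouteBuilder $builder) {
    // Register the middleware under a name, then apply it to every route
    // connected in this scope after this point.
    $builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([
        'httpOnly' => true,
    ]));
    $builder->applyMiddleware('csrf');

    // Forms rendered with FormHelper ($this->Form->create(...)) carry the
    // hidden _csrfToken field that the middleware checks on POST, PUT,
    // PATCH and DELETE requests.
    $builder->connect('/', ['controller' => 'Pages', 'action' => 'display', 'home']);
    $builder->fallbacks();
});
```

Requests to routes in the '/' scope that change state without a matching token still fail with InvalidCsrfTokenException, which is the intended behaviour for forms submitted from a browser.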