Laravel catch TokenMismatchException [英] Laravel catch TokenMismatchException
问题描述
可以使用try catch块捕获TokenMismatchException吗?而不是显示显示VerifyCrfToken.php第46行...中的TokenMismatchException的调试页面,我希望它显示实际页面,只显示一条错误消息。
我没有CSRF的问题,我只想让它仍然显示页面,而不是调试页面。
要复制(使用firefox):
步骤:
- 打开页面( http ://example.com/login )
- 清除Cookie(域,路径,会话)。我在这里使用web开发者工具栏插件。
- 提交表单。
实际结果:哎呀,看起来好像出了问题页面显示。
预期结果:仍然显示登录页面,然后传递令牌不匹配或某事的错误。
请注意,当我清除Cookie时, t刷新页面,以使令牌生成一个新的密钥,并强制它出错。
更新(添加表单):
< form class =form-horizontalaction =<?php echo route($ formActionStoreUrl);?>方法= POST >
< input type =hiddenname =_ tokenvalue =<?php echo csrf_token();?> />
< div class =form-group>
< label for =txtCodeclass =col-sm-1 control-label>代码< / label>
< div class =col-sm-11>
< input type =textname =txtCodeid =txtCodeclass =form-controlplaceholder =Code/>
< / div>
< / div>
< div class =form-group>
< label for =txtDescclass =col-sm-1 control-label>描述< / label>
< div class =col-sm-11>
< input type =textname =txtDescid =txtDescclass =form-controlplaceholder =Description/>
< / div>
< / div>
< div class =form-group>
< label for =cbxInactiveclass =col-sm-1 control-label>非活动< / label>
< div class =col-sm-11>
< div class =checkbox>
< label>
< input type =checkboxname =cbxInactiveid =cbxInactivevalue =inactive/>& nbsp;
< span class =check>< / span>
< / label>
< / div>
< / div>
< / div>
< div class =form-group>
< div class =col-sm-12>
< button type =submitclass =btn btn-primary pull-right>< i class =fa fa-save fa-lg>< / i>保存和LT; /按钮>
< / div>
< / div>
< / form>
这里没什么好想的。只是一个普通的形式。就像我说的那样,表单是工作完全正常。只是当我说出上述步骤时,由于TOKEN已经过期而导致错误。我的问题是,表单应该如何表现?我的意思是,当我清除cookies和会话时,我需要重新加载页面?您是否可以在 App \Exceptions\Handler.php中处理TokenMismatchException异常?
<?php命名空间App \Exceptions;
使用异常;
使用Illuminate\Foundation\Exceptions\Handler作为ExceptionHandler;
使用Illuminate\Session\TokenMismatchException;
class Handler扩展ExceptionHandler {
/ **
*不应该报告的异常类型的列表。
*
* @var数组
* /
protected $ dontReport = [
'Symfony\Component\HttpKernel\Exception\HttpException'
];
/ **
*报告或记录一个例外。
*
*这是向Sentry,Bugsnag等发送异常的好地方。
*
* @param \Exception $ e
* @return void
* /
public function report(Exception $ e)
{
return parent :: report($ e);
}
/ **
*向HTTP响应中呈现异常。
*
* @param \Illuminate\Http\Request $ request
* @param \Exception $ e
* @return \Illuminate\Http\响应
* /
public function render($ request,Exception $ e)
{
if($ e instanceof TokenMismatchException){
//重定向到表单。这里是一个例子,我如何处理我的
返回重定向($ request-> fullUrl()) - >与('csrf_error',糟糕!似乎你不能提交表单很长一段时间再试一次。);
}
return parent :: render($ request,$ e);
}
}
Can the TokenMismatchException be catched using try catch block? Instead of displaying the debug page that shows the "TokenMismatchException in VerifyCsrfToken.php line 46...", I want it to display the actual page and just display an error message.
I have no problems with the CSRF, I just want it to still display the page instead of the debug page.
To replicate (using firefox): Steps:
- Open page (http://example.com/login)
- Clear Cookies (Domain, Path, Session). I am using web developer toolbar plugin here.
- Submit form.
Actual Results: "Whoops, looks like something went wrong" page displays. Expected Results: Still display the login page then pass an error of "Token mismatch" or something.
Notice that when I cleared the cookies, I didn't refresh the page in order for the token to generate a new key and force it to error out.
UPDATE (ADDED FORM):
<form class="form-horizontal" action="<?php echo route($formActionStoreUrl); ?>" method="post">
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>" />
<div class="form-group">
<label for="txtCode" class="col-sm-1 control-label">Code</label>
<div class="col-sm-11">
<input type="text" name="txtCode" id="txtCode" class="form-control" placeholder="Code" />
</div>
</div>
<div class="form-group">
<label for="txtDesc" class="col-sm-1 control-label">Description</label>
<div class="col-sm-11">
<input type="text" name="txtDesc" id="txtDesc" class="form-control" placeholder="Description" />
</div>
</div>
<div class="form-group">
<label for="cbxInactive" class="col-sm-1 control-label">Inactive</label>
<div class="col-sm-11">
<div class="checkbox">
<label>
<input type="checkbox" name="cbxInactive" id="cbxInactive" value="inactive" />
<span class="check"></span>
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-12">
<button type="submit" class="btn btn-primary pull-right"><i class="fa fa-save fa-lg"></i> Save</button>
</div>
</div>
</form>
Nothing really fancy here. Just an ordinary form. Like what I've said, the form is WORKING perfectly fine. It is just when I stated the above steps, it errors out due to the TOKEN being expired. My question is that, should the form behave that way? I mean, when ever I clear cookies and session I need to reload the page too? Is that how CSRF works here?
You can handle TokenMismatchException Exception in App\Exceptions\Handler.php
<?php namespace App\Exceptions;
use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;
class Handler extends ExceptionHandler {
/**
* A list of the exception types that should not be reported.
*
* @var array
*/
protected $dontReport = [
'Symfony\Component\HttpKernel\Exception\HttpException'
];
/**
* Report or log an exception.
*
* This is a great spot to send exceptions to Sentry, Bugsnag, etc.
*
* @param \Exception $e
* @return void
*/
public function report(Exception $e)
{
return parent::report($e);
}
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $e
* @return \Illuminate\Http\Response
*/
public function render($request, Exception $e)
{
if ($e instanceof TokenMismatchException){
// Redirect to a form. Here is an example of how I handle mine
return redirect($request->fullUrl())->with('csrf_error',"Oops! Seems you couldn't submit form for a long time. Please try again.");
}
return parent::render($request, $e);
}
}
这篇关于Laravel catch TokenMismatchException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
