Laravel 4 CSRF表单通过Ajax调用提交 [英] Laravel 4 CSRF form submit through Ajax call

问题描述

我是Stackoverflow和Laravel 4的新手 我正在尝试通过jquery ajax提交表单.我serializeArray()的形式，并使用JSON提交. 在laravel中，在检查我提交的csrf令牌的路由中，转到我的控制器以获取进程输入. 当_token输入位于与serializeArray()相同的数组中时，csrf检查不起作用. 我必须获取_token值，然后将其作为单独的ajax数据提交.我想知道是否有一种方法可以告诉csrf过滤器在何处运行以检查输入数组的hte字段_token并使用它? 这是我的代码:

I'm new to both Stackoverflow and Laravel 4, I am trying to submit a form through jquery ajax. I serializeArray() the form and use json to submit it. In laravel, in the routes I check the csrf token submitted, the go to my controller for process inputs. The csrf check doesn't work when the _token input is in an array as with serializeArray(). I have to get the _token value and submit is as a seperate ajax data. I'm wondering if there is a way to tell csrf filter where ever its running to check the input array for hte field _token and use that? here is my code:

routes.php

routes.php

Route::post('searchAjax', array('before' => 'csrf', 
                                'uses' => 'SearchController@searchAjax'));

这是我想要读取数组形式[0] ['_ token]的地方，但我不知道如何告诉它做到这一点.

This is where I wan't it to read the array form[0]['_token] but I don't know how to tell it to do that.

index.js
    var form = $('#search').serializeArray();
var token = $('#search > input[name="_token"]').val();
$.ajax({
    type: 'post',
    url: 'searchAjax',
    dataType: 'json',
    data: { _token: token, form: form },
    success: function(data) {
        for(var key in data)
        {
            //alert(key)
        }
        //alert(data.message);
    }
});

我想摆脱ajax调用中的{_token:令牌，形式:form}，而只拥有已经包含_token的数组"form". 这是html:

I want to get rid of { _token: token, form: form } in the ajax call and just have 'form' that is an array with _token in it already. here is the html:

<form id="search" class="form-horizontal" accept-charset="UTF-8" action="http://testing:998/search" method="POST">
  <input type="hidden" value="6GBbv9LmnOdL8UcOsm8DDJ4Bfi6eGcQRlC9SPdL4" name="_token">
<div class="control-group">
  <label class="control-label" for="title">Book Titles</label>
  <div class="controls">
    <input id="title" class="input" type="text" value="click to search book titles" name="title">
  </div>
</div>
<div class="control-group">
<div class="control-group">
<div class="control-group">
</form>

先谢谢您. :)

推荐答案

另一个选择是使用Kelt Dockins概述的方法，例如，使用jquery在标头中发送令牌.在您的jquery/javascript引导程序中的某处添加:

Another option is to use the approach outlined by Kelt Dockins which is to send the token in the headers using jquery, eg. somewhere in your jquery/javascript bootstrapping add:

$.ajaxSetup({
    headers: {
        'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
    }
});

这将从头元数据标签获取CSRF令牌，并将其包含在每个ajax请求的头中.然后，您需要将元数据和令牌添加到Laravel模板中，例如.

This will get the CSRF token from a header meta data tag and include it in the headers of each ajax request. Then you need to add the metadata and token into your Laravel templates, eg.

<head>
    <title>My Page</title>
    <meta name="csrf-token" content="<?= csrf_token() ?>">

您还需要修改CSRF过滤器以检查ajax请求标头以及默认的Input :: get('_ token')

You also need to modify the CSRF filter to check the ajax request header as well the default Input::get('_token')

Route::filter('csrf', function()

{
   $token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
   if (Session::token() != $token) {
      throw new Illuminate\Session\TokenMismatchException;
   }
});

这篇关于Laravel 4 CSRF表单通过Ajax调用提交的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！