Encountering "TokenMismatchException in VerifyCsrfToken.php" error


Problem description

I am attempting to perform an AJAX submission to Laravel. According to Laravel's documentation here, I need to add a CSRF token as both a request header and POST parameter. I'm retrieving the CSRF Token from the XSRF-TOKEN cookie as also described in the documentation:

// Grab XSRF cookie.
var csrf_token;
var cookies = document.cookie.split(';');
for (var cookie_offset in cookies) {
    var cookie_parts = cookies[cookie_offset].split('=');
    if(cookie_parts[0].trim() === 'XSRF-TOKEN') {
        csrf_token = cookie_parts[1].trim();
    }
}

This retrieves a token similar to the following: eyJpdiI6Ik96QTdtcFIzam85TGJNQ3pzNUF1blE9PSIsInZhbHVlIjoiQm8zelBSaFpaM0JZcjlxcURFVEZNenZWMzNxUHFBMm1VVzM3YXpBbjVvaTBReEY5cFA1RGV3UVBHQWhjVGhZYmtDZ2lacGxFejJwQkxHaGplV1wvVEtRPT0iLCJtYWMiOiI3NTlkZmI5ODU2YTdlN2RiYTA1YTAyM2NiZmZlOWUwZTQyY2I0NTUzOWEyNzI5YjE2ODIyMmU1YzZiNDE1MmQ0In0

Once I have the token, I am adding it as an X-CSRF-Token header and _token POST parameter.

When I perform the request, I'm receiving this error: TokenMismatchException in VerifyCsrfToken.php line 46

I've also tried passing the token as an X-XSRF-TOKEN header instead, but am getting the same error.

When I set the X-XSRF-TOKEN and omit the _token POST parameter, I encounter a different error: DecryptException in Encrypter.php line 142: Invalid data.

What am I missing here?

UPDATE: After some more debugging and comparing this request with requests being generated by an AngularJS implementation which ran side-by-side this implementation, I discovered the problem was that I needed to URL Decode the cookie's value.

I simply needed to do the following, after extracting the csrf token from the cookies:

csrf_token = decodeURIComponent(csrf_token);
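
The effect described in the update, as an added example that is not part of the original post: the cookie value is percent-encoded, so the raw string is not the base64 payload the server expects until it is URL-decoded. The function names and the sample cookie are constructed for illustration, and the iv/value/mac payload shape is an assumption taken from what the token above decodes to.

```javascript
// Added example: helper names and sample values are constructed, not from the page.
const b64decode = typeof atob === 'function'
  ? atob : (s) => Buffer.from(s, 'base64').toString('binary');
const b64encode = typeof btoa === 'function'
  ? btoa : (s) => Buffer.from(s, 'binary').toString('base64');

// Read one cookie by name from a document.cookie-style string.
// Splits on the first '=' only, so '=' inside the value is preserved.
function readCookie(cookieString, name, { decode = true } = {}) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    return decode ? decodeURIComponent(raw) : raw;
  }
  return null;
}

// Shape check only (no decryption): strict base64 of JSON with iv, value, mac.
function looksLikeEncryptedPayload(token) {
  if (typeof token !== 'string' || !/^[A-Za-z0-9+/]+={0,2}$/.test(token)) return false;
  try {
    const obj = JSON.parse(b64decode(token));
    return ['iv', 'value', 'mac'].every((k) => typeof obj[k] === 'string');
  } catch (e) {
    return false;
  }
}

// Constructed sample: a payload whose base64 form ends in '=' padding,
// percent-encoded the way it sits in the cookie string ('=' becomes %3D).
function sampleCookieString() {
  const payload = b64encode(JSON.stringify({ iv: 'aXY=', value: 'dmFsdWU=', mac: '00' }));
  return 'theme=dark; XSRF-TOKEN=' + encodeURIComponent(payload) + '; other=1';
}

const jar = sampleCookieString();
// Raw cookie value still contains %3D, so it is not valid base64.
console.log(looksLikeEncryptedPayload(readCookie(jar, 'XSRF-TOKEN', { decode: false })));
// URL-decoded value parses as the expected payload.
console.log(looksLikeEncryptedPayload(readCookie(jar, 'XSRF-TOKEN')));
```
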

Recommended answer

You add the token to the client's request either for AJAX or as a hidden field in a form. You have to add a way for the client to know what the token is. One method is to use the token meta tag from the base view:

<meta name="xsrf-token" content="{{Session::token()}}" />

Then on your JavaScript side, for any AJAX request, you can do:

$(document).ready(function(){
  // Send the token from the meta tag with every jQuery AJAX request.
  $.ajaxSetup({
     headers: {
       'X-CSRF-Token': $('meta[name="xsrf-token"]').attr('content')
     }
  });
});

Otherwise when you post you can use the CSRF token in a hidden field as so:

<input type="hidden" name="_token" value="{{Session::token()}}">
