遇到"VerifyCsrfToken.php中的TokenMismatchException";错误 [英] Encountering "TokenMismatchException in VerifyCsrfToken.php" error
问题描述
我正在尝试向Laravel执行AJAX提交.根据Laravel的文档此处,我需要添加CSRF令牌作为请求标头和POST参数.我正在从XSRF-TOKEN
cookie中检索CSRF令牌,如文档中所述:
I am attempting to perform an AJAX submission to Laravel. According to Laravel's documentation here, I need to add a CSRF token as both a request header and POST parameter. I'm retrieving the CSRF Token from the XSRF-TOKEN
cookie as also described in the documentation:
// Grab XSRF cookie.
var csrf_token;
var cookies = document.cookie.split(';');
for(cookie_offset in cookies) {
var cookie_parts = cookies[cookie_offset].split('=');
if(cookie_parts[0].trim() === 'XSRF-TOKEN') {
csrf_token = cookie_parts[1].trim();
}
}
这将检索类似于以下内容的令牌:
eyJpdiI6Ik96QTdtcFIzam85TGJNQ3pzNUF1blE9PSIsInZhbHVlIjoiQm8zelBSaFpaM0JZcjlxcURFVEZNenZWMzNxUHFBMm1VVzM3YXpBbjVvaTBReEY5cFA1RGV3UVBHQWhjVGhZYmtDZ2lacGxFejJwQkxHaGplV1wvVEtRPT0iLCJtYWMiOiI3NTlkZmI5ODU2YTdlN2RiYTA1YTAyM2NiZmZlOWUwZTQyY2I0NTUzOWEyNzI5YjE2ODIyMmU1YzZiNDE1MmQ0In0
This retrieves a token similar to the following:
eyJpdiI6Ik96QTdtcFIzam85TGJNQ3pzNUF1blE9PSIsInZhbHVlIjoiQm8zelBSaFpaM0JZcjlxcURFVEZNenZWMzNxUHFBMm1VVzM3YXpBbjVvaTBReEY5cFA1RGV3UVBHQWhjVGhZYmtDZ2lacGxFejJwQkxHaGplV1wvVEtRPT0iLCJtYWMiOiI3NTlkZmI5ODU2YTdlN2RiYTA1YTAyM2NiZmZlOWUwZTQyY2I0NTUzOWEyNzI5YjE2ODIyMmU1YzZiNDE1MmQ0In0
一旦有了令牌,就将其添加为X-CSRF-Token
标头和_token
POST参数.
Once I have the token, I am adding it as a X-CSRF-Token
header and _token
POST parameter.
执行请求时,我收到此错误:
TokenMismatchException in VerifyCsrfToken.php line 46
When I perform the request, I'm receiving this error:
TokenMismatchException in VerifyCsrfToken.php line 46
我也尝试过将令牌作为X-XSRF-TOKEN
标头传递,但遇到相同的错误
I've also tried passing the token as a X-XSRF-TOKEN
header instead, but am getting the same error
当我设置X-XSRF-TOKEN
并省略_token
POST参数时,我遇到了另一个错误:
DecryptException in Encrypter.php line 142:
Invalid data.
When I set the X-XSRF-TOKEN
and omit the _token
POST parameter, I encounter a different error:
DecryptException in Encrypter.php line 142:
Invalid data.
我在这里想念什么?
更新: 经过更多调试并将该请求与AngularJS实现生成的请求进行比较后,我发现该问题是我需要对Cookie的值进行URL解码.
UPDATE: After some more debugging and comparing this request with requests being generated by an AngularJS implementation which ran side-by-side this implementation, I discovered the problem was that I needed to URL Decode the cookie's value.
从cookie中提取csrf令牌后,我只需要执行以下操作:
I simply needed to do the following, after extracting the csrf token from the cookies:
csrf_token = decodeURIComponent(csrf_token );
推荐答案
您可以将令牌添加到客户端的AJAX请求中,也可以将其添加为表单中的隐藏字段.您必须添加一种方法,让客户端知道令牌是什么.一种方法是从基本视图使用令牌元标记:
You add the token to the client's request either for AJAX or as a hidden field in a form. You have to add a way for the client to know what the token is. One method is to use the token meta tag from the base view:
<meta name="xsrf-token" content="{{Session::token()}}" />
然后在JavaScript端针对您可以执行的任何ajax请求进行操作:
Then in your javascript side for any ajax request you can do:
$(document).ready(function(){
$.ajaxSetup({
headers: {
'X-CSRF-Token':$('meta[name="xsrf-token"]).attr('content')
}
});
}
否则,当您发布时,可以在隐藏字段中使用CSRF令牌 如此:
Otherwise when you post you can use the CSRF token in a hidden field as so:
<input type="hidden" name="_token" value="{{Session::token()}}">
这篇关于遇到"VerifyCsrfToken.php中的TokenMismatchException";错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!