页面中所有表单的Laravel 5 CSRF全局令牌隐藏字段 [英] Laravel 5 CSRF global token hidden field for all forms in a page

问题描述

我最近迁移到Laravel 5，现在每个帖子提交都进行CSRF检查.我曾考虑过删除它，但我想遵循最佳做法，所以我会保持这种状态.

I recently migrated to Laravel 5, and now CSRF check is on every post submission. I thought about removing it but I want to follow the best practices, so I'll keep it that way.

另一方面，我在提交ajax请求时遇到了问题.我的页面有多种形式，有些提交甚至不是来自表单的，只是普通的ajax调用.我的想法是在页面上有一个隐藏的令牌"输入，并将其附加到每个提交中.拥有通用的单一令牌输入是否有任何弊端?

On the other hand, I'm problems submitting ajax requests.. my page has multiple forms and some submissions are not even from forms, just plain ajax calls. My idea is to have one single hidden "token" input on the page and attach it to every submission. Are there any drawbacks on having that universal single token input?

另外，我如何输出令牌?只需在页脚上创建隐藏的输入就可以了吗?

Also, how can I output the token? Would it be ok to just create a hidden input on the page footer?

推荐答案

我看不到任何缺点.您可以在布局文件中轻松创建全局令牌字段:

I don't see any drawbacks. You can easily create a global token field in your layout file:

<input type="hidden" name="_token" id="csrf-token" value="{{ Session::token() }}" />

或者，如果您使用表单生成器:

Or if you use the form builder:

{!! Form::token() !!}

---

在jQuery中，您可以使用此之类的东西将令牌附加到每个请求.

---

In jQuery you could use something like this to attach the token to every request.

这篇关于页面中所有表单的Laravel 5 CSRF全局令牌隐藏字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！