Laravel 419错误-VerifyCsrfToken问题 [英] Laravel 419 Error - VerifyCsrfToken issue
问题描述
我在同一台服务器上托管了多个Laravel网站.使用我创建的最新网站,联系表格将拒绝提交而不会引发419错误.就像其他网站一样,我已经在web.php文件中设置了路由,这些网站具有实时有效的联系表单,并且我以完全相同的方式生成和发送令牌-使用{{ csrf_field() }}.
I have multiple Laravel sites hosted on the same server. With the latest site I've created, the contact form refuses to submit without throwing a 419 error. I have set up the routing in my web.php file just like the other websites, which have live, working contact forms, and I'm generating and sending the token exactly the same way - with {{ csrf_field() }}.
我找到了一个类似问题的答案,指出您可以通过将条目添加到app/Http/Middleware/VerifyCsrfToken.php中的$except数组来禁用Csrf检查.我已验证这确实可以解决419错误:
I found an answer to a similar question stating that you can disable Csrf checking by adding entries to the $except array in app/Http/Middleware/VerifyCsrfToken.php. I have verified that this does indeed resolve the 419 error:
protected $except = [
'contact',
'contact*',
];
但是我当然希望保留Csrf功能,并且我只更新了$except数组以获取故障排除值.
But of course I wish to keep the Csrf functionality, and I only updated the $except array for troubleshooting value.
有人知道新的Laravel环境尽管传递了生成的令牌仍会具有419行为,但可能有什么不同吗?我曾尝试过更新一些ENV设置并切换不同的内容,但是除了修改$except数组外,其他都没有对该问题产生任何影响.
Does anyone know what may be different about the new Laravel environment that would have this 419 behavior despite passing the generated token? I have tried updating a number of ENV settings and toggling different things, but nothing other than modifying the $except array has had any influence on the issue.
由于到目前为止已经进行了一些讨论,所以我想我会提供一些其他信息和代码.
Since there has been a bit of discussion so far, I figured I'd provide some additional info and code.
首先,这是一个ajax形式,但是请不要跳出座位.我一直在测试带有或不带有ajax的表单.如果我想用ajax进行测试,我只需单击连接到jQuery侦听器的按钮.如果没有,我将更改或删除按钮的ID,或者在控制台窗口中运行$("#formName").submit();.
First, this is an ajax form, but don't jump out of your seat just yet. I have been testing the form both with and without ajax. If I want to test with ajax, I just click the button that's hooked up to the jQuery listener. If not, I change or remove the button's ID, or run $("#formName").submit(); in the console window.
以上内容(ajax,老式提交以及带有.submit();的jquery选择器)都导致完全相同的响应-419错误.
The above (ajax, old-fashioned submit, and the jquery selector with .submit();) all result in the exact same response - a 419 error.
为了完整起见,这是我的ajax代码,该代码可在我托管的所有其他网站上使用.我定义了一个postData数组以保持其整洁,并在它之后直接添加了一个console.log()语句,以(再次)确认令牌生成得很好并且可以正确地与请求一起传递.
And for the sake of completeness, here's my ajax code which is working on all of the other websites I'm hosting. I define a postData array to keep it all tidy, and I added a console.log() statement directly after it to (again) confirm that token is generated just fine and is being passed correctly with the request.
var postData = {
name: $("#name").val(),
email: $("#email").val(),
message: $("#message").val(),
_token: $("input[name=_token]").val()
};
console.log(postData);
$.post("/contact", postData, function (data) {
...
有什么想法吗?我的ENV或其他文件可能存在配置问题吗?
Any ideas? Could there be a configuration issue with my ENV or another file?
由于其他站点都可以正常工作,因此我克隆了一个旧站点,并简单地覆盖了为新网站更改的文件,然后变得更加糟糕!现在正在工作.多做一些挖掘,在网站的克隆版本和非工作版本上运行php artisan --version,结果如下:
Because the other sites are working just fine, I cloned an old site and simply overwrote the files that I changed for the new website, and bam! It's working now. Doing a little bit more digging, I ran php artisan --version on the cloned version of the site versus the non-working version, and here are the results:
工作版本:Laravel Framework 5.7.3
Working Version: Laravel Framework 5.7.3
非工作版本:Laravel Framework 5.7.9
Non-working Version: Laravel Framework 5.7.9
也许这是Laravel的错误?还是服务器上的某些软件包已过时,需要更新才能与新版本的Laravel一起使用?
Perhaps this is a bug with Laravel? Or perhaps some packages on my server are out of date and need to be updated to work with the new version of Laravel?
推荐答案
刚刚在框架存储库中发现了您的问题. 这不是laravel问题,您的安装缺少对存储文件夹的写入权限,因此laravel无法写入会话,日志等.
just found your issue on the framework repo. It is not a laravel issue, your installation is missing write permissions on the storage folder, thus laravel can't write session, logs, etc.
您收到419错误,因为您无法写入文件,因此无法创建sessionn,因此无法验证csrf令牌.
You get a 419 error because you can't write to the files, thus you can't create a sessionn, thus you can't verify the csrf token.
快速修复:chmod -R 777 storage
正确的解决方法:将您的安装移动到nginx/apache/您的用户实际可以写的文件夹中.
如果您使用的是nginx/apache,请将您的应用移到该位置,并对项目(chown -R www-data: /path-to-project)授予正确的权限
如果您使用的是php artisan serve,请更改其对用户的权限:chown -R $(whoami) /path-to-project
Right fix: move your installation to a folder where nginx/apache/your user can actually write.
If you are using nginx/apache, move you app there and give the right permissions on the project (chown -R www-data: /path-to-project)
If you are using php artisan serve, change it's permissions to your user: chown -R $(whoami) /path-to-project
你明白了,让作家们写作,你就很好.
You get it, let writers write and you're good.
这篇关于Laravel 419错误-VerifyCsrfToken问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
