为什么在使用Form :: open()时CSRF令牌为空? [英] Why is my CSRF token empty when using Form::open()?

问题描述

我只是刚刚，所以请原谅我.我对CodeIgniter有扎实的了解，所以我了解发生了什么.但是，我注意到在创建表单时，我的CSRF令牌为空.我正在观看laracasts视频，以期了解Laravel工作流程.

I am just starting out so please forgive me. I have a solid grasp on CodeIgniter, so I understand what is going on. However, I am noticing that my CSRF token is empty when I am creating a form. I am working through the laracasts videos to get a gasp on Laravel workflow.

myfile.blade.php

 {!! Form::open((array('action' => 'MyController@method'))) !!}
    ...
 {{!! Form::close() !!}}

当我查看源代码时，这就是我得到的:

Here is what I am getting when I view the source:

<form method="POST" action="http://mysite.dev/route" accept-charset="UTF-8">
<input name="_token" type="hidden">
</form>

我已经浏览了config目录，但对于启用csrf却一无所获.我需要更新的地方还有其他设置吗?

I've looked through the config directory, but see nothing on having to enable csrf. Is there an additional setting somewhere I need to update?

谢谢您的建议.

编辑

即使这给了我一个空的隐藏输入字段:

Even this gives me an empty hidden input field:

{{ Form::token() }}  // <input name="_token" type="hidden">

编辑

这是我的控制器的外观:

Here is what my controller looks like:

//use Illuminate\Http\Request;
use Request;
use App\Article;
use App\Http\Requests;
use App\Http\Controllers\Controller;


public function store(Request $request)
{
    $input = Request::all();

    return $input;
}

所以我更新的表单标签如下:

So my updated form tag looks like this:

{!! Form::open((array('action' => 'ArticleController@store'))) !!}
...

提交后，我可以看到json响应-令牌显然为空.

When I submit, I can see the json response - the token is obviously empty.

{"_token":"","title":"test","body":"test"}

推荐答案

Laravel基础系列适用于Laravel 5.0，因此您有一些选择.您可以安装Laravel 5.0来继续该系列.为了安装L5.0，您需要运行以下命令:

The Laravel Fundamental series is for Laravel 5.0 so you have a few options. You can install Laravel 5.0 to continue with that series. In order to install L5.0, you need to run this command:

composer create-project laravel/laravel {directory} "~5.0.0" --prefer-dist

但是，如果您想使用Laravel 5.2(我建议这样做，并且Jeffrey Way最有可能在不久的将来发布系列文章)，则需要考虑一些其他事项.

If you want to use Laravel 5.2 though (which I would recommend and Jeffrey Way will most likely release a series on this soon), there are several extra things to take into consideration.

首先，将您的所有路由放入网络"中间件组中，如下所示:

First, put all your routes inside a "web" middleware group like this:

Route::group(['middleware' => ['web']], function () {

    // Put your routes inside here

});

过去，默认情况下，在每个请求上都有几种中间件运行.在5.2中，情况不再如此.例如，令牌存储在会话中，但是在5.2中，不会自动应用"StartSession"中间件之类的东西.结果，网络"中间件需要应用于您的路由. 5.2中发生此更改的原因:

In the past, there were several middlewares that ran on every request by default. In 5.2, this is no longer the case. For example, the token is stored in the session, but in 5.2, things like the "StartSession" middleware are not automatically applied. As a result, the "web" middleware need to be applied to your routes. The reason for this change in 5.2:

中间件组允许您将多个路由中间件归为一个方便的键，从而允许您一次将多个中间件分配给一个路由.例如，在同一应用程序中构建Web UI和API时，这可能会很有用.您可以将会话和CSRF路由分组为web组，也可以将速率限制器分组为api组.

Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a web group, and perhaps the rate limiter in the api group.

此外，在Laravel基础系列中，Jeffrey引入了"illuminate/html"软件包，但是现在，大多数人都使用laravel集体软件包.他们处理了很多从核心中取出的Laravel软件包.结果，我将删除"illuminate/html"包.在您的composer.json文件中，删除"illuminate/html: 5.0"(或require部分中的所有内容).另外，删除相应的服务提供商，并添加到config/app.php文件的表单外观.

Also, in the Laravel Fundamental series, Jeffrey pulls in the "illuminate/html" package, but now, most people use the laravel collective package. They handle a lot of the Laravel packages that are taken out of the core. As a result, I would remove the "illuminate/html" package. In your composer.json file, remove "illuminate/html: 5.0" (or whatever is in the require section). Also, remove the corresponding service provider and form facades that you added to your config/app.php file.

要安装laravel集体版本，请将其添加到您的composer.json文件中:"laravelcollective/html": "5.2.*-dev".然后，运行composer update.完成后，在您的config/app.php文件中，将此文件添加到您的provider数组中:

To install the laravel collective version, add this in your composer.json file instead: "laravelcollective/html": "5.2.*-dev". Then, run composer update. Once that's done, in your config/app.php file, add this to your providers array:

Collective\Html\HtmlServiceProvider::class,

并将其添加到您的别名数组:

and add this to your aliases array:

'Form' => Collective\Html\FormFacade::class,
'Html' => Collective\Html\HtmlFacade::class,

我希望我不会再错过任何其他东西.

I hope I'm not missing anything else.

这篇关于为什么在使用Form :: open()时CSRF令牌为空?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！