为什么Laravel Api在POST和PUT方法上返回419状态代码? [英] Why Laravel Api return 419 status code on POST and PUT Method?

问题描述

我正在尝试使用laravel创建一个Restful api，并使用 php artisan make:controller RestController 创建我的控制器，这是我的控制器代码:

I am trying to create a Restful api by using laravel and create my controller using php artisan make:controller RestController and this is my controller Code:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class RestController extends Controller
{
    private $arr = array(
            array("name"=>"jon", "family"=>"doe"),
            array("name"=>"jhon", "family" => "doue")
        );
    public function index(){
        return json_encode($this->arr);
    }

    public function store(Request $request){
        return "oops!!";
    }

    public function update (Request $request, $id){
        return "test";
    }

}

，然后在我的route/web.php文件中添加以下代码行以创建此路由

and I add this line of code to create this route in my routes/web.php file

Route::resource('person', 'RestController');

当我尝试在GET/person上测试此api时，它工作正常，但在发布时，我从laravel中获取了419状态代码.

when I try to test this api on GET /person it work fine but on post and put I am getting 419 status code from laravel.

推荐答案

如果您要开发Rest API，最好不要添加令牌.如果您使用的是5.4或5.5，则可以使用api.php代替web.php.在api中.php，您无需在发布请求时进行令牌验证.

if you are developing rest apis better not to add token .if you are using 5.4 or 5.5 you can use api.php instead of web.php .In api.php you dont need token verifcation on post request.

如果您使用的是web.php，那么您将放弃令牌.这是官方文档

if you are using web.php then you exculde token .Here is the official documentation

从CSRF保护中排除URI

有时您可能希望从CSRF保护中排除一组URI.例如，如果您正在使用Stripe处理付款并利用其webhook系统，则您将需要从CSRF保护中排除您的Stripe webhook处理程序路由，因为Stripe不知道要发送到您的路由的CSRF令牌.

Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

通常，您应该将这些类型的路由放置在RouteServiceProvider应用于所有路由的Web中间件组之外，该路由在route/web.php文件中.但是，您也可以通过将其URI添加到VerifyCsrfToken中间件的$ except属性中来排除路由:

Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
    ];
}

以供参考

https://laravel.com/docs/5.5/csrf

这篇关于为什么Laravel Api在POST和PUT方法上返回419状态代码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！