Laravel Spark: CSRF Failure on Login Page
Problem description
Using Laravel Spark (or any Laravel login form with CSRF protection), if a user leaves the login page open for a period of time (like, say, leaving the window open at work and returning to it later) and then attempts to log in, they're presented with an error.
Whoops, looks like something went wrong.
(1/1) TokenMismatchException in VerifyCsrfToken.php (line 68)
This makes sense, as CSRF tokens are date/time sensitive. However, the user experience here is less than ideal.
Before we go reinventing the wheel, is there any Laravel Standard Practice™ for providing a better user experience around this? Or does everyone just roll their own CSRF middleware/middlewares that fail in a more friendly way?
Recommended answer
This is changing in Laravel 5.5. The TokenMismatchException is now producing a more elegant error page informing the user that the page has expired due to inactivity and advising them to refresh and try again.
So what you're doing is probably the Laravel Standard Practice™ now :)
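For applications on a release before 5.5, one way to fail in a more friendly way is to catch the exception in the application's exception handler. This is an added example, not part of the original question or answer and not Spark's own code; it assumes the Laravel 5.x layout (app/Exceptions/Handler.php), and the message texts and the 'csrf' error key are made up for illustration.

```php
<?php
// Added example: app/Exceptions/Handler.php in a Laravel 5.x application.
// Message texts and the 'csrf' error key are assumptions, not framework defaults.

namespace App\Exceptions;

use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Session\TokenMismatchException;

class Handler extends ExceptionHandler
{
    public function render($request, Exception $exception)
    {
        if ($exception instanceof TokenMismatchException) {
            // AJAX/API clients get a status code they can act on, not a redirect.
            if ($request->expectsJson()) {
                return response()->json(
                    ['message' => 'The page has expired. Reload and try again.'],
                    419
                );
            }

            // Send the user back to the form they came from. The re-rendered
            // form carries a fresh token; the rejected request is not replayed.
            // The password and the stale token are never flashed to the session.
            return redirect()->back()
                ->withInput($request->except('password', 'password_confirmation', '_token'))
                ->withErrors(['csrf' => 'Your session expired. Please submit the form again.']);
        }

        return parent::render($request, $exception);
    }
}
```

The login route stays behind VerifyCsrfToken; adding it to the middleware's `$except` list would hide the error by removing the protection.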