CakePHP 3 API的POST请求不起作用 [英] POST Requests for CakePHP 3 API are not working
问题描述
我正在使用CakePHP 3.x文档开发API。为了开发此API,我使用了他们的官方文档: https://book.cakephp .org / 3.0 / en / development / rest.html
I am developing an API using CakePHP 3.x documentation. To develop this API I am using their official documentation: https://book.cakephp.org/3.0/en/development/rest.html
当我尝试使用url http://localhost/healthcare_portal/eapi/applicants/index.json ,我得到了预期的json结果
When I try to access my api using GET request on url http://localhost/healthcare_portal/eapi/applicants/index.json, I get follow expected json result
{
"applicants": [
{
"applicant_id": 1,
"name": "Manender"
},
{
"applicant_id": 2,
"name": "mayank"
}
]
}
但是当我使用POST请求在相同的URL上访问我的api时 http://localhost/healthcare_portal/eapi/applicants/index.j儿子,我收到CSRF不匹配令牌错误。在这种情况下,来自API的响应是
But when I access my api using POST request on same url http://localhost/healthcare_portal/eapi/applicants/index.json, I get CSRF Mismatch Token Error. Response from API in this case is
{
"message": "Missing CSRF token cookie",
"url": "/applicants/index.json",
"code": 403,
"file": "/opt/lampp/htdocs/healthcare_portal/eapi/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php",
"line": 191
}
我尝试了其他替代方法,例如添加
I have tried other alternatives as adding
$input = (array) $this->request->input('json_decode', true);
在我的控制器操作中,但这是我在发布请求时收到相同的错误。如果有人遇到相同的问题,请帮助我取得突破。
in my controller's action but this is I get same error on post request. If anyone faced same issue, please help me in getting a breakthrough.
推荐答案
如 3.6版本的发布请求中的CSRF令牌不匹配 ,默认应用模板最近已默认启用CSRF保护中间件,要求CSRF令牌和cookie与非 GET 请求一起发送。
您的API最有可能需要某种形式的身份验证,并且在身份验证不依赖Cookie或(HTTP)基本身份验证或浏览器/客户端将自动发送/使用HTTP请求执行操作,则不需要CSRF保护,因为不可能使用CSRF。
You API should most likely require some form of authentication, and in case that authentication does not rely on cookies, or (HTTP) Basic authentication, or any other form of authentication which browsers/clients will automatically send/perform with HTTP requests, then you don't need CSRF protection, as CSRF would not be possible.
如果您的API确实不需要CSRF保护,则可以将其禁用,例如通过使用自定义的中间件处理程序(检查请求URL或路由并有条件地应用CSRF中间件)或通过在路由作用域上应用中间件来实现足够的功能,以便可以排除API范围,请参见 Cakephp 3.5.6禁用控制器的CSRF中间件
If you really don't need CSRF protection for your API, then you can disable it, for example by using a custom middleware handler that checks the request URL or route and applies the CSRF middleware conditionally, or by applying the middleware on routing scopes, so that you can exclude your API scope, see Cakephp 3.5.6 disable CSRF Middleware for controller.
如果您的API使用表单验证 倾向于CSRF的方式,那么您应该找出一种服务cookie的方法(中间件将根据 GET 请求自动设置cookie。 )和CSRF令牌(它们可以在请求对象上使用,例如 $ request-> getParam('_ csrfToken')),以便他们可以将它们与
If your API uses a form of authentication that is prone to CSRF, then you should figure out a way to serve the cookies (the middleware will automatically set the cookie on GET requests) and CSRF tokens (they are available on the request object like $request->getParam('_csrfToken')) to your clients, so that they can send them alongside their requests.
- 食谱>中间件>跨站点请求伪造(CSRF)中间件
- https:/ /security.stackexchange.com/questions/166724/should-i-use-csrf-protection-on-rest-api-endpoints
- Cookbook > Middleware > Cross Site Request Forgery (CSRF) Middleware
- https://security.stackexchange.com/questions/166724/should-i-use-csrf-protection-on-rest-api-endpoints
这篇关于CakePHP 3 API的POST请求不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
