CakePHP ajax CSRF token mismatch


Question

I am making an ajax request with the Csrf component loaded in my AppController

However, I get the error {"message": "CSRF token mismatch.", "url": "\/module_slides\/loadDeck.json", "code": 403}

Here are the request headers

POST /module_slides/loadDeck.json HTTP/1.1
Host: www.hotelieracademy.com
Connection: keep-alive
Content-Length: 18
Origin: https://www.hotelieracademy.com
X-XSRF-TOKEN: 3d3901b1de9c5182dce2877c9e1d9db36cdf46a6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Referer: https://www.hotelieracademy.com/courses_employees/player/70
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: csrfToken=3d3901b1de9c5182dce2877c9e1d9db36cdf46a6; CAKEPHP=3n6lpi94hrdgsg8mv4fsnp1m30; _ga=GA1.2.2010364689.1424741587

My Ajax code

$.ajax({
    url: '/module_slides/loadDeck.json',
    type: 'POST',
    headers: { 'X-XSRF-TOKEN' : this.csrfToken },
    beforeSend: function (xhr) {
        xhr.setRequestHeader('X-CSRF-Token', this.csrfToken);
    },
    dataType: 'json',
    data: {
        // ... (the rest of the request is cut off in the post)
    }
});

I have left the beforeSend: as suggested by another post, but it does not seem to alter the header, so I added headers:

I use a hidden input to get the CSRF token to use in my js code

<input id="csrfToken" type="hidden" value="<?= $this->request->getParam('_csrfToken') ?>">


Recommended answer

I've met the same problem. Probably the answer is to add "_csrfToken":"xxxxxxx" to data{}.

$.ajax({
    url: '/module_slides/loadDeck.json',
    type: 'POST',
    headers: { 'X-XSRF-TOKEN' : this.csrfToken },
    beforeSend: function (xhr) {
        xhr.setRequestHeader('X-CSRF-Token', this.csrfToken);
    },
    dataType: 'json',
    data: {
        // CSRF token sent as a form field in the request body
        "_csrfToken":"3d3901b1de9c5182dce2877c9e1d9db36cdf46a6"
    }
});

This is my blog, but it's Japanese only. http://www.tsuji75.com/?p=62
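
Added example, not part of the original question or answer: a sketch of why the request above is rejected and how to attach the token without relying on `this`. It assumes the server compares the `csrfToken` cookie with either an `X-CSRF-Token` header or a `_csrfToken` body field; `readCookie`, `withCsrf` and `csrfCheck` are hypothetical helper names and the token values are constructed.

```javascript
// Assumption: the server accepts the token from the X-CSRF-Token header or a
// _csrfToken body field and compares it with the csrfToken cookie.

// Extract one cookie value from a Cookie header / document.cookie string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build $.ajax settings with the token passed in as a plain argument.
// Inside beforeSend, jQuery's default `this` is the settings object, so
// `this.csrfToken` from the calling object is undefined there.
function withCsrf(settings, token) {
  if (!token) throw new Error('CSRF token missing; refusing to send');
  return Object.assign({}, settings, {
    headers: Object.assign({}, settings.headers, { 'X-CSRF-Token': token }),
    data: Object.assign({}, settings.data, { _csrfToken: token }),
  });
}

// Simplified model of the server-side double-submit comparison (hypothetical;
// a real server should use a constant-time comparison).
function csrfCheck(request) {
  const cookie = readCookie(request.headers['Cookie'] || '', 'csrfToken');
  const sent = request.headers['X-CSRF-Token'] || (request.body || {})._csrfToken;
  if (!cookie || !sent || sent !== cookie) return { code: 403, message: 'CSRF token mismatch.' };
  return { code: 200 };
}

// Constructed sample values (not the token from the post).
const SAMPLE_COOKIE = 'csrfToken=constructed-token-123; CAKEPHP=constructed-session';
const token = readCookie(SAMPLE_COOKIE, 'csrfToken');

// Request shaped like the one in the question: token sent in X-XSRF-TOKEN only.
const failing = { headers: { Cookie: SAMPLE_COOKIE, 'X-XSRF-TOKEN': token }, body: {} };

// Request built by withCsrf(): header and body field both carry the token.
const opts = withCsrf({ url: '/module_slides/loadDeck.json', type: 'POST', dataType: 'json' }, token);
const fixed = { headers: Object.assign({ Cookie: SAMPLE_COOKIE }, opts.headers), body: opts.data };

console.log(csrfCheck(failing), csrfCheck(fixed));
```

In the browser, the object returned by `withCsrf` can be passed straight to `$.ajax`, with the token read from the hidden input or from `document.cookie`.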
