CakePHP ajax CSRF令牌不匹配 [英] CakePHP ajax CSRF token mismatch
问题描述
我正在用AppController中的Csrf组件加载ajax请求
I am making an ajax request with Csrf component load in my AppController
但是我收到错误 { message: CSRF令牌不匹配。, url: \ / module_slides\ / loadDeck.json,代码:403}
此处是请求标头
POST /module_slides/loadDeck.json HTTP/1.1
Host: www.hotelieracademy.com
Connection: keep-alive
Content-Length: 18
Origin: https://www.hotelieracademy.com
X-XSRF-TOKEN: 3d3901b1de9c5182dce2877c9e1d9db36cdf46a6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Referer: https://www.hotelieracademy.com/courses_employees/player/70
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: csrfToken=3d3901b1de9c5182dce2877c9e1d9db36cdf46a6; CAKEPHP=3n6lpi94hrdgsg8mv4fsnp1m30; _ga=GA1.2.2010364689.1424741587
我的Ajax代码
$.ajax({
url: '/module_slides/loadDeck.json',
type: 'POST',
headers: { 'X-XSRF-TOKEN' : this.csrfToken },
beforeSend: function (xhr) {
xhr.setRequestHeader('X-CSRF-Token', this.csrfToken);
},
dataType: 'json',
data: {
我已经离开 beforeSend:
如另一篇文章所建议,但似乎并未更改标题,因此我添加了 headers:
I have left the beforeSend:
as suggest by another post but does not seem to alter the header so I added headers:
我使用隐藏的输入来获取要在我的js代码中使用的CsfR令牌
I use a hidden input to get the CsfR token to use in my js code
<input id="csrfToken" type="hidden" value="<?= $this->request->getParam('_csrfToken') ?>">
推荐答案
我遇到了同样的问题。
可能是答案添加 _csrfToken: xxx xxxx到数据{}。
I've met the same problem. Probably, this is the answer to add "_csrfToken":"xxxxxxx" to data{}.
$.ajax({
url: '/module_slides/loadDeck.json',
type: 'POST',
headers: { 'X-XSRF-TOKEN' : this.csrfToken },
beforeSend: function (xhr) {
xhr.setRequestHeader('X-CSRF-Token', this.csrfToken);
},
dataType: 'json',
data: {
"_csrfToken":"3d3901b1de9c5182dce2877c9e1d9db36cdf46a6"
}
这是我的博客,但仅限日语。
http://www.tsuji75.com/?p=62
This is my blog.but it's Japanese Only. http://www.tsuji75.com/?p=62
这篇关于CakePHP ajax CSRF令牌不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!