Why does the Laravel API return a 419 status code on POST and PUT methods?


Problem description

I am trying to create a RESTful API by using Laravel. I have created my controller using php artisan make:controller RestController and this is my controller code:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class RestController extends Controller
{
    private $arr = array(
            array("name"=>"jon", "family"=>"doe"),
            array("name"=>"jhon", "family" => "doue")
        );
    public function index(){
        return json_encode($this->arr);
    }

    public function store(Request $request){
        return "oops!!";
    }

    public function update (Request $request, $id){
        return "test";
    }

}

I have added this line of code to create this route in my routes/web.php file:

Route::resource('person', 'RestController');

When I try to test this api on GET /person it works fine but on POST and PUT I am getting a 419 status code from Laravel.

Recommended answer

If you are developing REST APIs, you better not add tokens. If you are using 5.4 or 5.5 you can use api.php instead of web.php. In api.php you don't need token verification on post requests.

If you are using web.php, then you can exclude routes that you don't want to validate with CSRF Tokens.

Here is the official documentation:

Excluding URIs From CSRF Protection

Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
        'http://example.com/foo/bar',
        'http://example.com/foo/*',
    ];
}

Reference: https://laravel.com/docs/5.5/csrf
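
As an added illustration (not part of the answer or the Laravel documentation), the PHP script below audits a `$except` list against request paths and reports which ones would skip CSRF verification. `matchesExcept()` is a simplified stand-in for the framework's `*` wildcard path matching, full-URL entries are not handled, and the `person*` entry and the sample paths are constructed for the example.

```php
<?php
// Added example, not Laravel code: a simplified stand-in for the wildcard
// matching that $except entries rely on ("*" matches any run of characters).
function matchesExcept(string $pattern, string $path): bool
{
    // Normalise both sides the same way: no leading or trailing slash.
    $pattern = $pattern === '/' ? '/' : trim($pattern, '/');
    $path = trim($path, '/') === '' ? '/' : trim($path, '/');
    if ($pattern === $path) {
        return true;
    }
    // Quote the pattern literally, then turn each "*" into ".*".
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

// Returns the subset of $paths that would skip CSRF verification.
function csrfExemptPaths(array $except, array $paths): array
{
    return array_values(array_filter($paths, function ($path) use ($except) {
        foreach ($except as $pattern) {
            if (matchesExcept($pattern, $path)) {
                return true;
            }
        }
        return false;
    }));
}

// Constructed sample data: the 'stripe/*' entry from the answer plus a
// hypothetical 'person*' entry added only to make the 419 go away.
$except = ['stripe/*', 'person*'];
$paths = ['stripe/webhook', 'person', 'person/1', 'personal/settings', 'profile'];

foreach (csrfExemptPaths($except, $paths) as $path) {
    echo "CSRF check skipped: /{$path}\n";
}
```

The `person*` entry also exempts `personal/settings`, which is why `$except` entries should be as narrow as possible and limited to routes that do not rely on the session cookie for authentication.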
