Laravel 5 Auth Post提交 - TokenMismatchException在VerifyCsrfToken.php第46行 [英] Laravel 5 Auth Post Submit - TokenMismatchException in VerifyCsrfToken.php line 46
问题描述
我一直收到:TokenMismatchException在VerifyCsrfToken中.php第46行:提交登录或注册表单
...
我可以在登录表单页面上看到隐藏的令牌代码表单字段和会话在这一点是相同的...
作为一个测试,我也尝试了一些其他帖子建议评论
//'App \Http\Middleware\VerifyCsrfToken',在app / Http / kernal.php中看看会发生什么。每次我提交表单后,我会收到一条消息,指出重定向到:/ auth / login或/ auth / register,具体取决于我来自哪里,但没有成功。
<奇怪的是,当我第一次安装框架时,这个工作正常。从那时起,我所做的所有工作都进行了一些迁移,并设置了一些模型和控制器,并使用一些用户数据为数据库添加了种子。
更新:
仔细研究VerifyCsrfToken.php第55行的函数tokensMatch(),如果我:
的var_dump($请求 - >会话() - >令牌());
var_dump($ request-> input('_ token'));
我可以看到这两个标记是不同的,但是在表单中使用:
var_dump(Session :: all());
{{{csrf_token()}}}
。会话令牌在它到达VerifyCsrfToken.php的第55行的函数tokensMatch()之前已经改变了一些。
我的堆栈跟踪如下:
$ (VerifyCsrfToken.php)中的 (Pipeline.php)中的VerifyCsrfToken->句柄(对象(请求),对象(Closure))的第17行b $ b行125
在Pipeline-> Illuminate\Pipeline\ {闭包}请求))在Pipeline.php中的LineErrorsFromSession.php第55行
处的ShareErrorsFromSession->句柄(对象(请求),对象(闭包))行125
在管道 - >照亮\管道StartSession.php中的\\ {closure}(object(Request))行Pipeline.php中的StartSession-> handle(object(Request),object(Closure))行61
line 125 $ Pipeline- >在AddQueuedCookiesToResponse.php中的Illuminate \Pipeline\ {closure}(object(Request))行36
at AddQueuedCookiesToResponse-> handle(ob (EncryptCookies.php)中Pipeline.php行125
处的Pipeline-> Illuminate \Pipeline \ {closure}(object(Request))行中的$ obj在CheckInMaintenanceMode中,在Pipeline.php行125
处的EncryptCookies→>句柄(对象(请求),对象(Closure))处,处理Pipeline-> Illuminate \Pipeline \ {closure}(object(Request))。 php line 42
at Pipeline.php中的CheckForMaintenanceMode-> handle(object(Request),object(Closure))line 125
在Pipeline-> Illuminate\Pipeline\ {closure}(object (请求))
(在Pipeline.php中为call_user_func(object(Closure),object(Request))line 101
在Pipeline-> then(object(Closure))in Kernel.php line 111
在Kernel-> sendRequestThroughRouter(object(Request))in Kernel.php line 84
at Kernel-> handle(object(Request))in index.php line 53
我首先得到它的工作删除行:
'照亮Foundation\Http\Middleware\VerifyCsrfToken
从/app/Http/Resquests/Kernel.php。但是,这意味着 CSRF标记检查将被删除,这意味着您的网站将不受保护跨网站请求伪造。
更新
根据文档,您应该将CSRF标记添加到您的表单中,方法是将此代码添加到您的代码中:
< input type =hiddenname =_ tokenvalue ={{csrf_token()}}>
我在移动应用程序的后端服务中使用了第一种方法,但是我发现可以在请求中发送CSRF头。
Have just statred a new app in Laravel 5 and I am having some trouble using the out of the box auth...
I keep getting : TokenMismatchException in VerifyCsrfToken.php line 46: on submitting the login or signup forms...
I can see on the login form page the token codes that are in the hidden form field and Session at that point are the same...
As a test I have also tried as some other posts suggested commenting out //'App\Http\Middleware\VerifyCsrfToken', in app/Http/kernal.php to see what would happen. After doing this every time I submit a form I get a message which says redirecting to: /auth/login or /auth/register depending on where I came from with no success.
The weird thing was this was working when I first installed the framework. All I have done since then is run a few migrations and setup some of my models and controllers and seeded the db with some user data.
UPDATE:
Looking into this further in the function tokensMatch() on line 55 of VerifyCsrfToken.php if I :
var_dump($request->session()->token());
var_dump($request->input('_token'));
I can see the two tokens are different but at the form using:
var_dump(Session::all());
{{{ csrf_token() }}}
They are the same. The Session token has changed some how before it gets to the function tokensMatch() on line 55 of VerifyCsrfToken.php
My stack trace is as follows:
in VerifyCsrfToken.php line 46
at VerifyCsrfToken->handle(object(Request), object(Closure)) in VerifyCsrfToken.php line 17
at VerifyCsrfToken->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in ShareErrorsFromSession.php line 55
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 36
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 40
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Kernel.php line 111
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 84
at Kernel->handle(object(Request)) in index.php line 53
I first just got it working removing the line:
'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken'
from /app/Http/Resquests/Kernel.php. However, this means the CSRF token check will be removed, which implies that your website will not be protected from cross-site request forgeries.
Update According to the documentation, you should add the CSRF token to your form by adding this snippet to your code:
<input type="hidden" name="_token" value="{{ csrf_token() }}">
I used first way in backend services for mobile application but I find I can send send CSRF header within requests.
这篇关于Laravel 5 Auth Post提交 - TokenMismatchException在VerifyCsrfToken.php第46行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
