Laravel 5.1 - 仅在Safari浏览器上使用iframe的令牌不匹配问题 [英] Laravel 5.1 - Token Mismatch issue with Iframes on Safari Browser Only
问题描述
我在laravel 5.1中创建了几个表单,现在我在使用IFrame的另一个站点上使用这些表单。这些表单适用于Safari以外的所有浏览器。当我在填写表单后尝试提交/发布数据时,我收到错误CSRF Token Mismatch,我不知道这里有什么问题,csrf令牌也正在创建和发送。这只发生在Safari浏览器的情况下。
I have created few forms in laravel 5.1, now i am using those forms on another site using IFrame. Those forms works in all browsers except Safari. When i try to submit/post data after filling up forms, i get error "CSRF Token Mismatch", I dont know what the issue here, csrf token is also being created and sent. This is only happening in case of safari browser.
有人可以指导我如何摆脱这个问题吗?
Can someone guide me that how i can get rid of this issue??
重现步骤:
创建表单,然后通过IFrame使用它。提交表单后,会生成CSRF令牌不匹配错误。
create a form and then use it via IFrame. after form is submitted, CSRF Token Mismatch error is generated.
如何解决此问题?请帮忙!
How to solve this? Please help!
代码示例:
<form method="post" action="/step1/{{$voucher->user_id}}" accept-charset="UTF-8">
<input name="_method" type="hidden" value="post">
{!! csrf_field() !!}
<div class="row" style="margin-top:15px; margin-bottom:15px;">
<div class="col-md-4 col-xs-5 hidden">
<input name="voucher_id" type="hidden" value="{{$voucher->id}}" id="voucher_id">
<input class="form-control spin text-center qty1" name="qty" id="qty" type="text" value="1" >
<input name="r_full_name" type="hidden" value="" id="r_full_name">
</div>
<div class="col-md-3 col-xs-3">
<button type="submit" class="btn btn-theme"><i class="fa fa-shopping-cart" aria-hidden="true"></i> | BUY</button>
</div>
</form>
这是示例代码...所有这些在任何其他浏览器(FF,Chrome)中都很完美但是当我把这个表格放到另一个网站的iframe中时,我得到TokenMissmatch错误......
this is sample code... AGAIN all this works perfect in any other browser (FF, Chrome) but when I put this forms into iframe in another site then I get TokenMissmatch error...
推荐答案
这很可能与Safari如何处理cookie和iframe,请参阅这个问题的答案。似乎是旧版本的 Safari开发者常见问题解答,其中包含
This is most likely related to how Safari handles cookies and iframes, please see the answer from this question which quotes what seems like an older version of the Safari Developer FAQ which states
Safari附带一个保守的cookie策略,限制cookie
只写入用户选择的页面(导航到)。这个
默认保守政策可能会混淆基于框架的网站,这些网站尝试
来编写cookie并失败。
Safari ships with a conservative cookie policy which limits cookie writes to only the pages chosen ("navigated to") by the user. This default conservative policy may confuse frame based sites that attempt to write cookies and fail.
那会解释你为什么遇到这个问题。
That would explain why you are having trouble with this.
该问题的第二个答案提出了一个可以找到的解决方案这里。这与重定向到拥有cookie的域,设置会话并重定向回来基本相同,这是另一个提到的解决方案这里。
The second answer to that question proposes a solution which can be found here. This is basically the same thing as doing a redirect to the domain that owns the cookies, setting the session and redirecting back, which is another solution which is mentioned here.
这篇关于Laravel 5.1 - 仅在Safari浏览器上使用iframe的令牌不匹配问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
