Laravel TokenMismatchException in Ajax requests
I'm using a resource group and use this filter to resolve the TokenMismatchException problem:
Route::filter('csrf', function($route, $request) {
    // GET requests are not CSRF protected
    if (strtoupper($request->getMethod()) === 'GET') {
        return;
    }
    // Ajax requests carry the token in a header, form posts in the _token field
    $token = $request->ajax() ? $request->header('X-CSRF-Token') : Input::get('_token');
    // Strict comparison avoids PHP's loose string/number juggling
    if (Session::token() !== $token) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});
My routes:
Route::group(array('prefix'=> 'admin', 'before' => 'csrf'), function(){
Route::resource('profile' , 'ProfileController', array('as'=>'profile') );
});
Now I get an error on Ajax requests such as this code:
<script type="text/javascript">
$(document).ready(function() {
    $('#frm').submit(function(e) {
        e.preventDefault();
        // Read the field values (declared with var so they do not become globals)
        var name = $('#name').val();
        var family = $('#family').val();
        var email = $('#email').val();
        var currPassword = $('#currPassword').val();
        var password = $('#password').val();
        var password_confirmation = $('#password_confirmation').val();
        // No _token field and no X-CSRF-Token header are sent with this request
        $.post("{{ route('admin.profile.update', $profile->id) }}",
            {
                _method : 'PUT',
                name : name,
                family : family,
                email : email,
                currPassword : currPassword,
                password : password,
                password_confirmation : password_confirmation
            },
            function(data) {
                alert(data.errors.name);
            }, 'json');
        return false;
    });
});
</script>
Error:
{"error":{"type":"Illuminate\Session\TokenMismatchException","message":"","file":"/var/www/alachiq/app/filters.php","line":83}}
I think I must send _token in $.post, but I cannot get the input tag with the name attribute. I get this error:
TypeError: 'stepUp' called on an object that does not implement interface HTMLInputElement.
Recommended answer
There is a tip in the Laravel docs on how to do this. This might not have been available at the time of the question, but I thought I would update it with an answer.
http://laravel.com/docs/master/routing#csrf-x-csrf-token
I have tested the meta tag method from the documentation and got it working. Add the following meta tag into your global template:
<meta name="csrf-token" content="{{ csrf_token() }}">
Add this JavaScript, which sets defaults for all Ajax requests in jQuery, preferably in a JS file that is included across your app.
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
})
This token can exist in the request header or the form. This populates it into the request header of every Ajax request.
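The `$.ajaxSetup` default above attaches the header to every jQuery request, including ones addressed to other origins. As an added example (not from the original answer or the Laravel docs; `needsCsrfHeader`, `installCsrfPrefilter` and `simulate` are hypothetical names), a `$.ajaxPrefilter` that sends the token only on same-origin, non-GET requests:

```javascript
// Added example; function names are hypothetical, not jQuery or Laravel APIs.

// Decide from jQuery's ajax options whether a request should carry the token.
function needsCsrfHeader(options) {
  // jQuery upper-cases the method only after prefilters run, so normalise here.
  var method = String(options.type || options.method || 'GET').toUpperCase();
  // The filter on this page exempts only GET.
  if (method === 'GET') {
    return false;
  }
  // jQuery sets options.crossDomain before prefilters are called.
  return options.crossDomain !== true;
}

// Register a prefilter on the given jQuery object; getToken runs per request.
function installCsrfPrefilter($, getToken) {
  $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    if (!needsCsrfHeader(options)) {
      return;
    }
    var token = getToken();
    if (typeof token === 'string' && token !== '') {
      jqXHR.setRequestHeader('X-CSRF-TOKEN', token);
    }
  });
}

// Browser wiring: read the token from the meta tag the answer adds.
if (typeof jQuery !== 'undefined') {
  installCsrfPrefilter(jQuery, function () {
    return jQuery('meta[name="csrf-token"]').attr('content');
  });
}

// Constructed stand-in for jQuery so the decision can be checked without a browser.
function simulate(options, token) {
  var sent = {};
  var fake$ = {
    ajaxPrefilter: function (fn) {
      fn(options, options, { setRequestHeader: function (k, v) { sent[k] = v; } });
    }
  };
  installCsrfPrefilter(fake$, function () { return token; });
  return sent;
}
```

Use it in place of the `$.ajaxSetup` headers default rather than alongside it, since the global default would still add the header to cross-origin requests.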