[英]Laravel 4 CSRF form submit through Ajax call
I'm new to both Stackoverflow and Laravel 4, I am trying to submit a form through jquery ajax. 我是Stackoverflow和Laravel 4的新手,我试图通过jquery ajax提交表单。 I serializeArray() the form and use json to submit it. 我serializeArray()表单并使用json提交它。 In laravel, in the routes I check the csrf token submitted, the go to my controller for process inputs. 在laravel中,在检查提交的csrf令牌的路径中,转到我的控制器进行过程输入。 The csrf check doesn't work when the _token input is in an array as with serializeArray(). 当_token输入与serializeArray()一样在数组中时,csrf检查不起作用。 I have to get the _token value and submit is as a seperate ajax data. 我必须得到_token值并提交作为单独的ajax数据。 I'm wondering if there is a way to tell csrf filter where ever its running to check the input array for hte field _token and use that? 我想知道是否有办法告诉csrf过滤器哪里运行检查输入数组的hte字段_token并使用它? here is my code: 这是我的代码:
routes.php routes.php文件
Route::post('searchAjax', array('before' => 'csrf',
'uses' => 'SearchController@searchAjax'));
This is where I wan't it to read the array form[0]['_token] but I don't know how to tell it to do that. 这是我想要读取数组[0] ['_ token]的地方,但我不知道如何告诉它这样做。
index.js
var form = $('#search').serializeArray();
var token = $('#search > input[name="_token"]').val();
$.ajax({
type: 'post',
url: 'searchAjax',
dataType: 'json',
data: { _token: token, form: form },
success: function(data) {
for(var key in data)
{
//alert(key)
}
//alert(data.message);
}
});
I want to get rid of { _token: token, form: form } in the ajax call and just have 'form' that is an array with _token in it already. 我想在ajax调用中删除{_token:token,form:form},并且只有'form',它已经是一个带有_token的数组。 here is the html: 这是html:
<form id="search" class="form-horizontal" accept-charset="UTF-8" action="http://testing:998/search" method="POST">
<input type="hidden" value="6GBbv9LmnOdL8UcOsm8DDJ4Bfi6eGcQRlC9SPdL4" name="_token">
<div class="control-group">
<label class="control-label" for="title">Book Titles</label>
<div class="controls">
<input id="title" class="input" type="text" value="click to search book titles" name="title">
</div>
</div>
<div class="control-group">
<div class="control-group">
<div class="control-group">
</form>
Thank you in advance. 先感谢您。 :) :)
Another option is to use the approach outlined by Kelt Dockins which is to send the token in the headers using jquery, eg. 另一种选择是使用Kelt Dockins概述的方法,即使用jquery在头文件中发送令牌,例如。 somewhere in your jquery/javascript bootstrapping add: 你的jquery / javascript bootstrapping中的某个地方添加:
$.ajaxSetup({
headers: {
'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
}
});
This will get the CSRF token from a header meta data tag and include it in the headers of each ajax request. 这将从头元数据标记中获取CSRF令牌,并将其包含在每个ajax请求的标头中。 Then you need to add the metadata and token into your Laravel templates, eg. 然后,您需要将元数据和令牌添加到Laravel模板中,例如。
<head>
<title>My Page</title>
<meta name="csrf-token" content="<?= csrf_token() ?>">
You also need to modify the CSRF filter to check the ajax request header as well the default Input::get('_token') 您还需要修改CSRF过滤器以检查ajax请求标头以及默认的Input :: get('_ token')
Route::filter('csrf', function()
{
$token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
if (Session::token() != $token) {
throw new Illuminate\Session\TokenMismatchException;
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.