Laravel5.2不需要的VerifyCsrfToken
[英]Laravel5.2 Unwanted VerifyCsrfToken
问题描述
i set up fresh L5.2 and my route files after changes looks like that: 
我设置了新的L5.2,更改后的路由文件如下所示:
<?php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/
Route::get('/', function () {
return view('welcome');
});
Route::group(['middleware' =>'api', 'prefix' => '/api/v1'], function () {
Route::post('/api/v1/login', 'Api\V1\Auth\AuthController@postLogin');
});
When i go to postman and make POST: http://kumarajiva.dev/api/v1/login I get: TokenMismatchException in VerifyCsrfToken.php line 67 当我去邮递员TokenMismatchException in VerifyCsrfToken.php line 67 : http : TokenMismatchException in VerifyCsrfToken.php line 67我得到: TokenMismatchException in VerifyCsrfToken.php line 67
But me kernel file looks like that: 但是我的内核文件看起来像这样:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'api' => [
'throttle:60,1',
],
];
I don't change anything. 我什么都没改变。 Route 'login' is in 'api' middelware group (not 'web' where is VerifyCsrfToken), but surprisingly I get above error. 路由“登录”位于“ api”中间件组中(而不是“ Web”,此处为VerifyCsrfToken),但令人惊讶的是我遇到了以上错误。 So I wonder - wtf? 所以我想知道-wtf? Howi it works? 怎么样呢? Do 'web' middelware group is allways executed (for each request)? 是否始终执行“ Web”中间件组(针对每个请求)?
1 个解决方案
解决方案1
1 已采纳 2016-07-15 23:25:24
By default, it looks as if all routes are wrapped into the 'web' group. 默认情况下,看起来所有路由都包裹在“ web”组中。
Within RouteServiceProvider there is this function. 在RouteServiceProvider有此功能。
/**
* Define the "web" routes for the application.
*
* These routes all receive session state, CSRF protection, etc.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
protected function mapWebRoutes(Router $router)
{
$router->group([
'namespace' => $this->namespace, 'middleware' => 'web',
], function ($router) {
require app_path('Http/routes.php');
});
}
If you want a specific uri to not check for the CSRF Token, go to App\\Http\\Middleware\\VerifyCsrfToken and add the uri to the $except array. 如果要特定的uri不检查CSRF令牌,请转到App\\Http\\Middleware\\VerifyCsrfToken并将uri添加到$except数组中。
You can also use the CLI and php artisan route:list to see what routes are in behind what middleware. 您还可以使用CLI和php artisan route:list来查看哪些中间件后面的路由。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.