
Cookies in Lumen

Since the last version (5.2), cookies are disabled in Lumen. I'm currently making an API in Lumen with JWT authentication.

To secure my application from CSRF attacks I need to set a csrf cookie. But what is the best way to handle that now?

VerifyCsrfToken Middleware was removed in this commit.

From Lumen 5.2 documentation:

Lumen 5.2 represents a more decided shift towards focusing on stateless APIs.

So, if you need CSRF token verification, you have to implement it by storing it in a meta tag or inside a JWT payload as a private claim (you will need to implement the new claim, i.e. here).

If it was removed, there's probably a good reason. Here I leave some links that may help you move on.

CSRF Token necessary when using Stateless(= Sessionless) Authentication?

Where to store JWT in browser? How to protect against CSRF?

https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage#post-2748616172
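
The approach described in the answer above, as an added example (not code from the original post, from Lumen, or from any JWT package): the server places a random value in a private claim of the JWT, hands the same value to the page (for example in a meta tag), and on each request compares the value sent back in a request header with the claim in the verified token. The claim name csrf, the secret, and the plain-PHP HS256 helpers are assumptions made for illustration.

```php
<?php
// Added example: CSRF value carried in the JWT as a private claim.
// Assumed names: claim "csrf", HS256 secret; the values below are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $raw = base64_decode(strtr($txt, '-_', '+/'), true);
    return $raw === false ? '' : $raw;
}

// Issue a signed token plus the CSRF value the page hands to its own script.
function issue_token(string $sub, string $secret, int $ttl = 900): array {
    $csrf = bin2hex(random_bytes(16));
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode(['sub' => $sub, 'exp' => time() + $ttl, 'csrf' => $csrf]));
    $sig  = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    return ['jwt' => "$head.$body.$sig", 'csrf' => $csrf];
}

// Accept a request only if the JWT verifies and the header value equals its claim.
function check_request(string $jwt, ?string $csrfHeader, string $secret): bool {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3 || $csrfHeader === null) return false;
    [$head, $body, $sig] = $parts;
    $hdr = json_decode(b64url_decode($head), true);
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== 'HS256') return false; // pin algorithm
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) return false;   // verify before trusting claims
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) return false;
    $claim = $claims['csrf'] ?? null;
    return is_string($claim) && hash_equals($claim, $csrfHeader);
}

$secret = 'constructed-demo-secret';
$t = issue_token('user-42', $secret);
var_dump(check_request($t['jwt'], $t['csrf'], $secret));  // matching header
var_dump(check_request($t['jwt'], 'forged', $secret));    // wrong header value
var_dump(check_request($t['jwt'], null, $secret));        // header missing
```

In a Lumen application this check would sit in a route middleware that reads the token and the header value from the incoming request; that wiring is left out here.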
