[英]Laravel 419 unknown status
I am making an AJAX request from a subdomain to main domain.我正在从子域向主域发出 AJAX 请求。 I have set up CORS so that subdomain is attached automatically to the allowed domain listing.
我已经设置了 CORS,以便子域自动附加到允许的域列表。 I am getting a
419 (unknown status)
error and upon dumping the error I found out that I am getting TokenMissmatchException
.我收到
419 (unknown status)
错误,在转储错误后我发现我收到TokenMissmatchException
。
I noticed also that that is infact true because I also saw:我还注意到这实际上是正确的,因为我还看到:
"_token" => "h7I07Iv0m4sF7XHhXjtygnfCtITgzCi3Ml8lfT7Z" // <-- sent
"_token" => "N118Izko7j5uf851MpijBXInFLaUVicRdf9uw3h4" // <-- in session
I am obviously sending token with my AJAX request as I see it in the headers section when inspecting the request.我在检查请求时在标头部分看到它,显然我正在使用我的 AJAX 请求发送令牌。
I suppose there is some missmatch going on because I am traversing from my subdomain to my domain.我想有一些不匹配正在进行,因为我从我的子域遍历到我的域。
How can I align tokens across my main domain and all subdomains so that I don't get an exception?如何在我的主域和所有子域中对齐令牌,以免出现异常?
NOTE笔记
All AJAX routes are receiving a token from所有 AJAX 路由都从
<meta name="csrf-token" content="{{ csrf_token() }}">
Attaching it to every request in将它附加到每个请求中
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
EDIT编辑
I have placed this under session.php
我把它放在
session.php
"domain" => "." . env('APP_URL'),
because of the cookies, even though honestly I'm not sure what it does因为饼干,尽管老实说我不确定它有什么作用
Session sharing across multiple domain..... There can be tweaks to do it.跨多个域的会话共享..... 可以进行调整。 To make a cookie available in all the sub-domains you need to assign it to the root domain.
要使 cookie 在所有子域中可用,您需要将其分配给根域。
session.cookie_domain = ".example.com"
Personally I would recommend a different approach (but it also depends on other factors upon which I don't have full visibility from your question....)就我个人而言,我会推荐一种不同的方法(但这也取决于我无法从您的问题中完全了解的其他因素......)
Perform the ajax call from/to the same subdomain (CSRF middleware protected, standard CSRF usage) On the controller perform a server to server backend call to your main domain (eg a curl_exec )执行来自/到同一个子域的 ajax 调用(受 CSRF 中间件保护,标准 CSRF 用法)在控制器上执行服务器到服务器对主域的后端调用(例如 curl_exec )
The server to server call is not visible and you can protect it... eg at network level or by adding an Oauth server if the two domain communicates through internet.服务器到服务器的调用是不可见的,您可以保护它……例如,在网络级别,或者如果两个域通过互联网进行通信,则添加一个 Oauth 服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.