[英]#laravel 419 error appear submission of any form this problem only on GoDaddy hosting on other hosting app works fine
after login when I click on any link(that call route) 419 occur, especially when I try to delete any record this error comes out, according to my finding during this error I realize that on each form submission token store in session updated but token that passes as hidden field in form submission request is not update that is the cause of token mismatch登录后,当我单击任何链接(该呼叫路由)时,会发生 419,尤其是当我尝试删除任何记录时,会出现此错误,根据我在此错误期间的发现,我意识到在会话中的每个表单提交令牌存储已更新但令牌在表单提交请求中作为隐藏字段传递的不是更新,这是令牌不匹配的原因
what did I do to figure out this problem?我做了什么来解决这个问题?
current I'm using laravel 5.7.28 version , I tried with same application on other shared hosting application work fine.目前我使用的是laravel 5.7.28 版本,我尝试在其他共享托管应用程序上使用相同的应用程序工作正常。
I faced 419 only on the GoDaddy hosting following are the step that I follow to figure out the problem but does not get a fruitful result我只在 GoDaddy 主机上遇到 419
I comment out我注释掉
// \App\Http\Middleware\VerifyCsrfToken::class,
from kernel.php 419 error disappear but by doing this after login when I click on any link I redirect on login screen means to say session destroyed从 kernel.php 419 错误消失,但通过在登录后执行此操作,当我单击任何链接时,我在登录屏幕上重定向意味着会话已被破坏
I also regenerate app key我也重新生成了应用程序密钥
APP_KEY=base64:8NYbcWPkEaj5oVHEGBWxCaFVHQhkgA/OOZyFPBiDMYQ=
in session.php file在 session.php 文件中
'http_only' => false,
the session is properly storying in storage/framework/session.php and I assign permissions 777会话在 storage/framework/session.php 中正确叙述,我分配权限 777
enter code here在这里输入代码
then I try to debug session manually然后我尝试手动调试会话
vendor/laravel/framework/src/Illuminate\Foundation\Http\Middleware
public function handle($request, Closure $next)
{
echo "<pre>";
print_r($this->getTokenFromRequest($request));
echo "</pre>";
echo "<pre>";
print_r($request->session()->token());
echo "</pre>";
die()
if (
$this->isReading($request) ||
$this->runningUnitTests() ||
$this->inExceptArray($request) ||
$this->tokensMatch($request)
) {
return tap($next($request), function ($response) use
($request) {
if ($this->shouldAddXsrfTokenCookie()) {
$this->addCookieToResponse($request, $response);
}
});
}
throw new TokenMismatchException;
}
csrf token store in session and updated on each form submission csrf 令牌存储在会话中并在每次提交表单时更新
$request->session()->token();
but token store in form submission $request remain same/static does not change/update但表单提交 $request 中的令牌存储保持不变/静态不会更改/更新
$this->getTokenFromRequest($request);
which is actually is the cause of token mismatch that throws an exception of in the form of error 419这实际上是令牌不匹配的原因,它以错误 419 的形式引发异常
properly use @scrf token on each form and i also replace {{csrf_filed() }}在每个表单上正确使用 @scrf 令牌,我还替换了 {{csrf_filed() }}
also run the composer update command还运行 composer update 命令
run app on a different browser在不同的浏览器上运行应用程序
Comment out注释掉
//\App\Http\Middleware\VerifyCsrfToken::class in \app\Http\Kernel.php
while I commit out above file 419 disappear but when I click on any link session destroyed, logout and I return on the login page Comment out虽然我提交了上面的文件 419 消失但是当我点击任何链接会话被破坏时,注销并返回登录页面 注释掉
//\Illuminate\Session\Middleware\AuthenticateSession::class
in在
\app\Http\Kernel.php
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:8NYbcWPkEaj5oVHEGBWxCaFVsQhkgA/OOZyFPBiDMYQ=
APP_DEBUG=true
APP_URL=http://localhost
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=ltcsar
DB_USERNAME=root
DB_PASSWORD=
BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379+
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
我遇到了同样的问题,它是 laravel 5.7.2 的问题,我已经安装了 framework v 5.7.9,问题将消失。
Go to去
app\\Http\\Middleware\\TrustProxies.php应用\\Http\\Middleware\\TrustProxies.php
update protected $proxies; --> protected $proxies = '*';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.