
CakePHP 3.5 400 Bad Request

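I am developing a CakePHP application with a GraphQL endpoint based on webonyx's GraphQL-PHP package. The problem is that the POST and multipart methods return 400 Bad Request. I initially thought this was because the preflight request was being handled and the follow-up request ignored, or a simple CORS issue, but after a lot of debugging and changes to the code I have determined that these are set up correctly. I use this plugin to manage preflight requests. The default configuration allows all origins, and the problem persists.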

The action method that handles the request looks like this.

    public function index(){
        $this->autoRender = false;

        $data = $this->request->input('json_decode');

        if(!$data) {
            $data = $this->request->getParam('?');
        }

        if(!$data) $data = [];
        $data += ['query' => null, 'variables' => null];
        $result = $this->GraphQL->query($data);

        $this->response = $this->response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Methods', ['GET', 'POST', 'OPTIONS'])
        ->withHeader('Access-Control-Allow-Credentials', 'true')
        ->withHeader('Access-Control-Max-Age','8600')
        ->withType('application/json')
        ->withStringBody(json_encode($result));
        return $this->response;
    }

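But this is not the cause of the problem. POST and MULTIPART requests don't even reach this function before the error is returned. I have been testing the endpoint with GraphiQL Feen.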

This is the stack trace produced in the error log.

2018-01-29 22:28:35 Warning: DebugKit not enabled. You need to either install pdo_sqlite, or define the "debug_kit" connection name.
2018-01-29 22:28:36 Warning: DebugKit not enabled. You need to either install pdo_sqlite, or define the "debug_kit" connection name.
2018-01-29 22:28:47 Warning: DebugKit not enabled. You need to either install pdo_sqlite, or define the "debug_kit" connection name.
2018-01-29 22:28:48 Error: [Cake\Controller\Exception\AuthSecurityException] '_Token' was not found in request data.
Request URL: /api
Stack Trace:
#0 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Controller/Component/SecurityComponent.php(316): Cake\Controller\Component\SecurityComponent->_validToken(Object(App\Controller\ApiController))
#1 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Controller/Component/SecurityComponent.php(121): Cake\Controller\Component\SecurityComponent->_validatePost(Object(App\Controller\ApiController))
#2 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Event/EventManager.php(416): Cake\Controller\Component\SecurityComponent->startup(Object(Cake\Event\Event))
#3 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Event/EventManager.php(393): Cake\Event\EventManager->_callListener(Array, Object(Cake\Event\Event))
#4 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Event/EventDispatcherTrait.php(110): Cake\Event\EventManager->dispatch(Object(Cake\Event\Event))
#5 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Controller/Controller.php(506): Cake\Controller\Controller->dispatchEvent('Controller.star...')
#6 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/ActionDispatcher.php(114): Cake\Controller\Controller->startupProcess()
#7 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/ActionDispatcher.php(93): Cake\Http\ActionDispatcher->_invoke(Object(App\Controller\ApiController))
#8 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/BaseApplication.php(108): Cake\Http\ActionDispatcher->dispatch(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#9 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Http\BaseApplication->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#10 /path/radioactive-cake/app/vendor/ozee31/cakephp-cors/src/Routing/Middleware/CorsMiddleware.php(31): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#11 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cors\Routing\Middleware\CorsMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#12 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php(104): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#13 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Routing\Middleware\RoutingMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#14 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php(88): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#15 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Routing\Middleware\AssetMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#16 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(95): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#17 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Runner.php(65): Cake\Error\Middleware\ErrorHandlerMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#18 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Runner.php(51): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#19 /path/radioactive-cake/app/vendor/cakephp/cakephp/src/Http/Server.php(81): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#20 /path/radioactive-cake/app/webroot/index.php(40): Cake\Http\Server->run()
#21 {main} 

It also states that _Token is missing from the request data, but I disabled CSRF in my beforeFilter function like this.

    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow('index');
        $this->eventManager()->off($this->Csrf);
    }

As a side note, would using the debug_kit connection mentioned in the first three lines provide more verbose output?

CSRF was not disabled correctly. My beforeFilter should look like this.

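    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow('index');

        // Actions that accept requests without CakePHP form tokens.
        $actions = [
            'index',
        ];

        if (in_array($this->request->getParam('action'), $actions)) {
            // for csrf: detach the CsrfComponent for these actions only
            $this->eventManager()->off($this->Csrf);

            // this is a must have: SecurityComponent is what raises
            // "'_Token' was not found in request data" in the stack trace
            $this->Security->setConfig('unlockedActions', $actions);
        }
    }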
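
An added example, not part of the original post: with the CSRF token and the SecurityComponent form check switched off for `index`, the controller can still check the request's `Origin` header itself and echo back only an allowed origin, since browsers reject `Access-Control-Allow-Origin: *` on requests that carry credentials. The `$allowedOrigins` list and its URL are assumptions, as is that `AppController` loads the Auth, Csrf and Security components and that the CORS headers are set by the controller, as in the question's `index()`.

```php
<?php
// Added example for CakePHP 3.5; not code from the original post.
namespace App\Controller;

use Cake\Event\Event;
use Cake\Network\Exception\ForbiddenException;

class ApiController extends AppController
{
    // Assumption: the only origins allowed to call the API from a browser.
    private $allowedOrigins = ['https://app.example.com'];

    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow('index');

        if ($this->request->getParam('action') !== 'index') {
            return; // every other action keeps CSRF and form protection
        }

        // Same unlock as in the answer, limited to the GraphQL action.
        $this->eventManager()->off($this->Csrf);
        $this->Security->setConfig('unlockedActions', ['index']);

        // Browsers attach Origin to cross-origin requests and to POSTs.
        // Non-browser clients usually send none, so an empty value passes.
        $origin = $this->request->getHeaderLine('Origin');
        if ($origin === '') {
            return;
        }
        if (!in_array($origin, $this->allowedOrigins, true)) {
            throw new ForbiddenException('Origin not allowed');
        }

        // Echo the vetted origin instead of "*", which browsers refuse
        // when Access-Control-Allow-Credentials is "true".
        $this->response = $this->response
            ->withHeader('Access-Control-Allow-Origin', $origin)
            ->withHeader('Access-Control-Allow-Credentials', 'true')
            ->withAddedHeader('Vary', 'Origin');
    }
}
```

For this to take effect, the two `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` lines in `index()` would be dropped so they do not overwrite the values set here.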
