我正在使用 Laravel 5.1 构建REST API,我收到此错误:
TokenMismatchException in VerifyCsrfToken.php line 53:
这是我的 routes.php:
Route::controller('city' , 'CityController' );
CityController:
class CityController extends Controller
{
public function postLocalities()
{
$city = Input::get('cityName');
$response = $city;
return $response;
}
}
点击网址时出现错误的 Stacktrace 使用POST方法http://localhost:8000/city/localities?cityName=bangalore。
TokenMismatchException in VerifyCsrfToken.php line 53:
in VerifyCsrfToken.php line 53
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in
ShareErrorsFromSession.php line 54
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in
StartSession.php line 62
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in
AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in
CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'),
array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Kernel.php line 122
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 87
at Kernel->handle(object(Request)) in index.php line 54
at require_once('C:\Users\betaworks02\Documents\gharbhezoBackend\public\index.php') in server.php line 21
答案 0 :(得分:14)
如果您正在构建API,最好将CRSF中间件放在每个路由上,而不是将其作为全局中间件放置。要将其作为路由中间件,请转到“ /app/Http/Kernel.php ”文件。
/**
* The application's global HTTP middleware stack.
*
* @var array
*/
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
//comment out to avoid CSRF Token mismatch error
// 'App\Http\Middleware\VerifyCsrfToken',
];
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => 'App\Http\Middleware\Authenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
'cors' => 'App\Http\Middleware\CorsMiddleware',
'api' => 'App\Http\Middleware\ApiMiddleware',
'csrf' => 'App\Http\Middleware\VerifyCsrfToken'// add it as a middleware route
现在您可以将它放在您需要它的路线上,例如
Route :: get('someRoute',array('uses'=>'HomeController @ getSomeRoute','middleware'=>'csrf'));
对于您不需要CSRF令牌匹配的情况,它现在应该可以正常工作。
答案 1 :(得分:14)
您无需从应用中完全覆盖CFSR令牌。在App / Http / Midlleware文件夹中,转到VerifyCsrfToken.php并将API路由包含在异常中,如下所示:
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'api/*',
];
*显示API内的所有路线。
答案 2 :(得分:0)
我收到同样的错误,但是有关覆盖CSRF验证的所有警告,都不想更改这些设置。
我最终发现/config/session.php中的会话驱动程序默认为memcached,因为我在开发服务器上,我需要用'file'覆盖SESSION_DRIVER env变量以使用/ storage /中的会话框架/会话。
/.env
SESSION_DRIVER = file