curl POST with _token still gets "Illuminate\Session\TokenMismatchException" on Laravel

Time: 2017-10-01 20:22:39

Tags: php curl post laravel-5 token

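I am currently using two PHP frameworks: one is laravel-5 and the other is self-developed. In a .php file of my own framework, I need to call an API on Laravel, so I use cURL to send a POST request.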

The calling code:

$postfields = array(
            '_token' => $this->request['token'], // this is received from the view in laravel
            'product_ids' => $this->request['productIds']);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
// curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_exec($ch);
curl_close($ch);

I paid special attention to using '_token', but I still get an exception in the log, as follows:

local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in /a/www/zhihui-manager/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:53
Stack trace:
#0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure))
#1 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#2 /a/www/zhihui-manager/vendor/illuminate/view/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#3 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#4 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#5 /a/www/zhihui-manager/vendor/illuminate/session/Middleware/StartSession.php(62): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#6 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#7 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#8 /a/www/zhihui-manager/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#9 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))
#10 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#11 /a/www/zhihui-manager/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#12 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))
#13 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#14 /a/www/zhihui-manager/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(44): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#15 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
#16 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#18 /a/www/zhihui-manager/vendor/illuminate/pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#19 /a/www/zhihui-manager/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(122): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#20 /a/www/zhihui-manager/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(87): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
#21 /a/www/zhihui-manager/public/index.php(54): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
#22 {main}

So I changed the "post" request to "get" and used

header("Location:" . $url . http_build_query($postfields));

Then everything went well.

But I am worried that the query fields will grow in the future, so I would prefer to use "post" and use CSRF to ensure security.

What is the reason for the exception? Thanks in advance.

Update: As @ThànhChungBùi said, I added cookies with cURL in the calling code:

$cookie = 'XSRF-TOKEN=' . $this->request['token'] . '; laravel_session=' . $this->request['session'];
curl_setopt($ch,  CURLOPT_COOKIE, $cookie);

These two values come from the following code in Laravel and are not empty:

Cookie::get('laravel_session');
Cookie::get('XSRF-TOKEN');

But it did not work, for the same reason.

0 answers:

No answers
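
Added example, not part of the original question and not Laravel's own code: a minimal PHP simulation of a session-bound CSRF check, where the submitted `_token` is compared against the token stored in the session that the request's session cookie selects. The function names, the in-memory `$store` and all sample values are assumptions constructed for illustration; it shows why a token replayed by a separate HTTP client, without a cookie the server can map to the issuing session, is checked against a fresh session's token.

```php
<?php
// Constructed simulation of a session-bound CSRF check (not Laravel source).
// $store stands in for the server-side session storage.

function startSession(array &$store, ?string $cookie): string
{
    // A missing or unrecognised session cookie yields a brand-new session
    // with its own freshly generated token.
    if ($cookie === null || !isset($store[$cookie])) {
        $cookie = bin2hex(random_bytes(16));
        $store[$cookie] = ['_token' => bin2hex(random_bytes(20))];
    }
    return $cookie;
}

function verifyCsrf(array &$store, ?string $cookie, array $post): bool
{
    $sid = startSession($store, $cookie);
    $submitted = $post['_token'] ?? '';
    // Constant-time comparison against the token held by *this* session only.
    return is_string($submitted)
        && hash_equals($store[$sid]['_token'], $submitted);
}

function report(string $label, bool $ok): void
{
    printf("%-45s %s\n", $label, $ok ? 'accepted' : 'TokenMismatch');
}

$store = [];

// A browser loads the form: the server creates a session and embeds its token.
$browserSid = startSession($store, null);
$formToken  = $store[$browserSid]['_token'];

// Case 1: the browser submits the token together with its own session cookie.
report('token + issuing session cookie',
    verifyCsrf($store, $browserSid, ['_token' => $formToken]));

// Case 2: a separate HTTP client sends only the token (no cookie jar).
report('token only, no session cookie',
    verifyCsrf($store, null, ['_token' => $formToken]));

// Case 3: the client sends a cookie value the server cannot map to a session.
report('token + unrecognised session cookie',
    verifyCsrf($store, 'constructed-unknown-id', ['_token' => $formToken]));
```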