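I've been reading the documentation: https://laravel.com/docs/5.4/csrf#csrf-excluding-uris
When I post from a different domain to a controller route (/create-order) that I have added to the $except array, I keep getting a 302 Found status code.
I need to do an AJAX post from a PhoneGap app to the application server (unless I can get a token in the app that is valid on the server).
So create-order is added to $except, I post from the app to create-order, and I get a 302.
Am I missing something?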
namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '*'
    ];
}
EDIT2:
This is what I wanted:
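namespace App\Http\Middleware;

use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
    ];

    /**
     * Exclude create-order from CSRF verification only when the request
     * carries the expected value in its Authority header.
     */
    public function __construct(Application $app, Encrypter $encrypter)
    {
        parent::__construct($app, $encrypter);

        $header = $this->getallheaders();

        // hash_equals() compares in constant time, so the check does not
        // reveal through timing how much of the secret matched.
        if (isset($header['Authority']) && hash_equals('somesecretcode', $header['Authority'])) {
            $this->except[] = 'create-order';
        }
    }

    /**
     * Rebuild the request headers from $_SERVER: HTTP_FOO_BAR becomes Foo-Bar.
     *
     * @return array
     */
    protected function getallheaders()
    {
        $headers = [];

        foreach ($_SERVER as $name => $value) {
            if (substr($name, 0, 5) == 'HTTP_') {
                $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
            }
        }

        return $headers;
    }
}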