我有一条来自web.php的路线:
Route::get("webhook", "BotController@verify_token");
Route::post("webhook", "BotController@handle_query");
如何从CSRF中间件中排除它们?
我在VerifyCsrfToken.php中尝试了以下代码,但它仍然无效。
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'webhook/*'
];
}
答案 0 :(得分:1)
已经找到了解决方案。我刚刚删除了“/*”。
protected $except = [
'webhook'
];
答案 1 :(得分:0)
一种方法是扩展VerifyCsrfToken并在其中包含一个没有csrf url的数组:
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Session\TokenMismatchException;
class VerifyCsrfToken extends
\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken {
protected $except_urls = [
'contact/create',
'contact/update',
...
];
public function handle($request, Closure $next)
{
$regex = '#' . implode('|', $this->except_urls) . '#';
if ($this->isReading($request) || $this->tokensMatch($request) || preg_match($regex, $request->path()))
{
return $this->addCookieToResponse($request, $next($request));
}
throw new TokenMismatchException;
}
}
更改内核以指向新的中间件:
protected $middleware = [
'App\Http\Middleware\VerifyCsrfToken',
];