I need to disable the CSRF token for certain referers. How can I do that?
I tried:
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        $_SERVER['HTTP_REFERER'] == 'http://example.com' ? '/example' : '',
    ];
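But I get the error: expression is not allowed as field default value
Answer 0 (score: 0)
The $except field is used to exclude the specified URLs from the CSRF check. If you want to skip the check for requests coming from a specific referer, you need to extend your VerifyCsrfToken middleware class and provide a new handle method with the following content: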
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     *
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // If request comes from specific referer...
        if ($request->headers->get('referer') == 'http://example.com') {
            // ... then we append $except with URL to ignore.
            $this->except[] = '/example';
        }
        // After that we pass the control to original method's implementation
        // that will perform the check as usual.
        return parent::handle($request, $next);
    }
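An added example, not part of the original answer: a Referer value normally carries a path (at least a trailing slash), so comparing the whole header to 'http://example.com' with == rarely matches, and prefix or substring matching would accept lookalike hosts. The hypothetical helpers originOf() and refererIsFrom() below compare only scheme, host and port, and treat a missing or malformed header as "do not exempt"; the sample Referer values are constructed.

```php
<?php
// Added example. originOf() and refererIsFrom() are hypothetical helper names.

// Normalise a URL to "scheme://host:port"; return null if it cannot be trusted.
function originOf(?string $url): ?string
{
    if ($url === null || $url === '') {
        return null; // header absent (Referrer-Policy, proxies, privacy tools)
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // malformed or relative value
    }
    $scheme = strtolower($parts['scheme']);
    $defaultPorts = ['http' => 80, 'https' => 443];
    if (!isset($defaultPorts[$scheme])) {
        return null; // only web origins are considered
    }
    $port = $parts['port'] ?? $defaultPorts[$scheme];
    return $scheme . '://' . strtolower($parts['host']) . ':' . $port;
}

// True only when the Referer's origin equals the allowed origin exactly.
function refererIsFrom(?string $referer, string $allowedOrigin): bool
{
    $origin = originOf($referer);
    return $origin !== null && $origin === originOf($allowedOrigin);
}

// Constructed sample Referer values, checked against the page's origin.
$samples = [
    'http://example.com',                       // bare origin
    'http://example.com/',                      // origin with trailing slash
    'http://EXAMPLE.com:80/form?id=1',          // full URL, explicit default port
    'https://example.com/',                     // different scheme
    'http://example.com.attacker.test/',        // lookalike host
    'http://example.com@attacker.test/',        // userinfo, real host differs
    'http://attacker.test/?http://example.com', // allowed origin only in the query
    null,                                       // header missing
];
foreach ($samples as $referer) {
    $verdict = refererIsFrom($referer, 'http://example.com') ? 'exempt' : 'check token';
    printf("%-45s %s\n", var_export($referer, true), $verdict);
}
```

Only the first three samples are exempted. Inside handle(), the condition would become refererIsFrom($request->headers->get('referer'), 'http://example.com').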