"CSRF token not found" on non-Auth routes

Time: 2019-07-18 09:25:19

Tags: php laravel csrf laravel-blade

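I am creating a Laravel website for a small business. There is a public front end and an "admin panel" for managing data, customer information and the blog.

I created a "public controller" to handle requests made on the public routes (home page, privacy policy, gallery, etc.), which do not implement the Auth middleware, and I have ones for the blog and the dashboard, which implement the Auth middleware and perform the usual CRUD.

There are two layouts, an "admin" one and a "user" one; they differ in how the navbar is displayed and in the wrapper elements around the content @yield. Both layouts include a "head" layout with the tags, including the CSRF token.

My problem is that whenever I go to a page that is not '/login', '/admin' or '/dashboard' (the dashboard is accessible after authentication), an error about the CSRF token appears in the console.

The CSRF token is visible in the HTML of all pages, both Auth and non-Auth, but '/login' (and the other default Auth pages provided by make:auth) and '/dashboard' are the only pages where the system does not complain about it.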

I have tried:

  • Rewriting the tag to make sure there are no typos
  • Someone suggested changing the app.js line

let token = document.head.querySelector('meta[name="csrf-token"]');

to

let token = $('meta[name="csrf-token"]').attr('content');

  • I have tried php artisan config:clear and composer dump-autoload
  • I tried adding the Auth middleware to PublicController.php

web.php

Route::get('/admin', function () {
    if ( Auth::user() ) {
        return redirect('dashboard');
    } else {
        return view('auth.login');
    }
});
Auth::routes();
Route::get('/', 'PublicController@index')->name('home');
Route::get('/dashboard', 'DashController@index')->name('dashboard.index');

user.blade.php (the "public" layout for non-Auth routes), admin.blade.php (the "private" layout for Auth routes [internal])

<!DOCTYPE html>
<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
@include('layouts.head')
<body>
    <div id="app">
...

head.blade.php:

    

<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrf_token() }}">

<title>@yield('title')</title>

<script src="{{ asset('js/app.js') }}" ></script>
<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"></script>

<link href="{{ asset('css/app.css') }}" rel="stylesheet">
@yield('css')

publicController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class PublicController extends Controller
{
    /**
     * Show the home page
     *
     * @return \Illuminate\Contracts\Support\Renderable
     */
    public function index()
    {
        return view('home');
    }
}

DashController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class DashController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth');
    }

    /**
     * Show the application dashboard.
     *
     * @return \Illuminate\Contracts\Support\Renderable
     */
    public function index()
    {
        return view('dashboard.index');
    }
}

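I am probably overlooking something obvious, but I'm really not sure where to go from here, as I have tried every answer on Google, though there is an obvious correlation between the pages that don't require authentication playing up over CSRF and the ones that check whether the user is an Auth user, even though both include the same "head" layout with the CSRF.

Edit

Kernel.php, as requested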

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \App\Http\Middleware\TrustProxies::class,
        \App\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    ];

    /**
     * The priority-sorted list of middleware.
     *
     * This forces non-global middleware to always be in the given order.
     *
     * @var array
     */
    protected $middlewarePriority = [
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\Authenticate::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Auth\Middleware\Authorize::class,
    ];
}

0 answers:

No answers