我正在尝试制作一个VueJs表单并将其嵌入php.blade文件中,表单包含用户的评论以及0到5星的评分。我的问题是用户仍然可以发起CSRF攻击,尽管我的表单中已经带有CSRF令牌。
我在Vue中从Blade模板取得该令牌,并把它放进了表单,但这个令牌似乎没有任何作用。
这是我的组件:
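<template>
  <form v-bind:action="route" @submit.prevent="submit" method="POST" class="comment-form inline-items">
    <!--
      Comment form: a free-text comment plus a star rating bound to `rating`.
      @submit.prevent cancels the browser's native POST, so the request that
      reaches the server is the axios call made in submit().
    -->
    <!--
      This hidden field is only transmitted by a native form submission.
      submit() posts content, rating and route, not this field, so the CSRF
      check for that request depends on the token travelling with the axios
      request itself.
    -->
    <input type="hidden" name="_token" v-bind:value="csrf">
    <a class="h6 post__author-name fn">{{ user[0]['firstname'] }} {{ user[0]['lastname'] }}</a>
    <div class="post__author author vcard inline-items">
      <img alt="author">
      <div class="form-group with-icon-right ">
        <textarea name="content" v-model="content" class="form-control" placeholder=""></textarea>
        <star-rating v-model="rating" v-bind:star-size="25"></star-rating>
      </div>
    </div>
    <button type="submit" class="btn btn-md-2 btn-primary">Poster</button>
    <!--
      type="button": a <button> inside a form defaults to type="submit", which
      would post the comment when the user cancels. No cancel handler is
      defined in this component.
    -->
    <button type="button" class="btn btn-md-2 btn-border-think c-grey btn-transparent custom-color">Annuler</button>
  </form>
</template>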
<script>
import StarRating from 'vue-star-rating';
import axios from 'axios';
// Copy the CSRF token from the page's <meta name="csrf-token"> tag into the
// default headers of the global axios instance. When the tag is absent, no
// X-CSRF-TOKEN header is configured here and an error is logged instead.
const csrfMeta = document.head.querySelector('meta[name="csrf-token"]');
if (!csrfMeta) {
  console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
} else {
  window.axios.defaults.headers.common['X-CSRF-TOKEN'] = csrfMeta.content;
}
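/**
 * Comment form component: collects a comment and a star rating and posts
 * them with axios to the current page path.
 *
 * Props:
 *   csrf - CSRF token handed in by the Blade view.
 *   user - user data handed in by the Blade view; the template reads
 *          user[0].firstname and user[0].lastname.
 */
export default {
  components: {
    StarRating,
  },
  props: ['csrf', 'user'],
  data() {
    return {
      userid: this.user,
      content: '',
      rating: 0,
      // The form posts back to the path of the page it is rendered on.
      route: window.location.pathname,
    };
  },
  mounted() {
    console.log('test.');
  },
  methods: {
    /**
     * Send the comment to the server.
     *
     * The template's hidden `_token` input is not part of this request, so
     * the token received through the `csrf` prop is attached as the
     * X-CSRF-TOKEN header. Without the prop, the request falls back to
     * whatever default headers axios already carries.
     *
     * @returns {Promise<void>} settles once the request has completed or failed
     */
    submit() {
      const { content, rating, route } = this;
      // Only override the header when a token was actually passed in; an
      // undefined value would replace a valid default header.
      const config = this.csrf
        ? { headers: { 'X-CSRF-TOKEN': this.csrf } }
        : undefined;

      return axios
        .post(route, { content, rating, route }, config)
        .then((response) => {
          console.log(response);
        })
        .catch((error) => {
          // Surface rejected requests (including a failed CSRF check)
          // instead of leaving the promise rejection unhandled.
          console.error('Comment submission failed', error);
        });
    },
  },
};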
我的app.js:
/**
* First we will load all of this project's JavaScript dependencies which
* includes Vue and other libraries. It is a great starting point when
* building robust, powerful web applications using Vue and Laravel.
*/
// Run the shared setup in ./bootstrap first, then expose Vue on window so the
// bare `Vue` references below resolve.
require('./bootstrap');
window.Vue = require('vue');

/**
 * Component registration. Each component is registered globally under the
 * tag name used in the Blade views.
 *
 * Automatic registration of every .vue file under this directory is kept
 * below, disabled:
 *
 * Eg. ./components/ExampleComponent.vue -> <example-component></example-component>
 */
// const files = require.context('./', true, /\.vue$/i)
// files.keys().map(key => Vue.component(key.split('/').pop().split('.')[0], files(key).default))

const { default: ExampleComponent } = require('./components/ExampleComponent.vue');
Vue.component('example-component', ExampleComponent);

const { default: CommentarypostComponent } = require('./components/CommentarypostComponent.vue');
Vue.component('commentarypost-component', CommentarypostComponent);

const { default: CommentaryComponent } = require('./components/CommentaryComponent.vue');
Vue.component('commentary-component', CommentaryComponent);

// Passport management components.
const { default: PassportClients } = require('./components/passport/Clients.vue');
Vue.component('passport-clients', PassportClients);

const { default: PassportAuthorizedClients } = require('./components/passport/AuthorizedClients.vue');
Vue.component('passport-authorized-clients', PassportAuthorizedClients);

const { default: PassportPersonalAccessTokens } = require('./components/passport/PersonalAccessTokens.vue');
Vue.component('passport-personal-access-tokens', PassportPersonalAccessTokens);

/**
 * Create the root Vue instance and mount it on the element with id "app".
 */
const app = new Vue({ el: '#app' });
我的Blade模板:
{{--
  Comment page fragment: provides the #app mount point and renders the
  comment form component inside it. csrf_token() is passed as the `csrf`
  prop; $user is bound through :user, so Vue evaluates the rendered value as
  a JavaScript expression.
  NOTE(review): no <meta name="csrf-token"> tag appears in this fragment. The
  axios setup in bootstrap.js reads the token from that tag in document.head,
  so confirm that the layout's <head> provides it.
--}}
<div class="container">
<div class="col col-xl-12 col-12">
<h2 class="presentation-margin">Poster un commentaire</h2>
</div>
<div class="row">
<div class="col col-lg-6 col-md-12 col-sm-12 col-12">
<div id="app" class="ui-block">
<commentarypost-component csrf="{{csrf_token()}}" :user="{{ $user }}"/>
</div>
</div>
</div>
</div>
我的bootstrap.js:
// Expose lodash globally as `_`.
window._ = require('lodash');

/**
 * Load Popper, jQuery and the Bootstrap jQuery plugin, which back the
 * JavaScript-based Bootstrap features such as modals and tabs. Loading is
 * best-effort: an error thrown while requiring any of them is ignored.
 */
try {
  const { default: Popper } = require('popper.js');
  window.Popper = Popper;

  const jq = require('jquery');
  window.jQuery = jq;
  window.$ = jq;

  require('bootstrap');
} catch (e) {}

/**
 * Load the axios HTTP library used to issue requests to the Laravel
 * back-end and expose it globally. Per the scaffolding notes, axios itself
 * sends the CSRF token as a header based on the "XSRF" token cookie.
 */
const http = require('axios');
window.axios = http;
http.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';

/**
 * Register the CSRF token from <meta name="csrf-token"> as a default header
 * so every outgoing axios request carries it. When the tag is missing from
 * document.head, no X-CSRF-TOKEN header is configured and an error is logged.
 */
const csrfMeta = document.head.querySelector('meta[name="csrf-token"]');
if (!csrfMeta) {
  console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
} else {
  http.defaults.headers.common['X-CSRF-TOKEN'] = csrfMeta.content;
}
/**
* Echo exposes an expressive API for subscribing to channels and listening
* for events that are broadcast by Laravel. Echo and event broadcasting
* allows your team to easily build robust real-time web applications.
*/
// import Echo from 'laravel-echo'
// window.Pusher = require('pusher-js');
// window.Echo = new Echo({
// broadcaster: 'pusher',
// key: process.env.MIX_PUSHER_APP_KEY,
// cluster: process.env.MIX_PUSHER_APP_CLUSTER,
// encrypted: true
// });
以下是输出:
答案 0 :(得分:0)
您不需要把'csrf'作为prop传入。在bootstrap.js中,Axios的CSRF令牌已经处理好了:表单通过@submit.prevent交给axios提交,隐藏的_token字段不会随请求发送,请求携带的是bootstrap.js从meta标签读取并设置的X-CSRF-TOKEN请求头。
只需在您的<head>中添加:
<head>
<meta name="csrf-token" content="{{ csrf_token() }}">
</head>
在您的组件中,您也不需要此部分,因为bootstrap.js包含在您的app.js中:
import axios from 'axios';
// Copy the CSRF token from the page's <meta name="csrf-token"> tag into the
// default headers of the global axios instance. When the tag is absent, no
// X-CSRF-TOKEN header is configured here and an error is logged instead.
const csrfMeta = document.head.querySelector('meta[name="csrf-token"]');
if (!csrfMeta) {
  console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
} else {
  window.axios.defaults.headers.common['X-CSRF-TOKEN'] = csrfMeta.content;
}