我正在尝试设置Laravel的广播系统,但是CSRF令牌有问题。
我将令牌发送到我的SPA
<meta name="csrf-token" content="{{ csrf_token() }}">
然后我为Laravel-Echo设置选项
window.Echo = new Echo({
broadcaster: 'socket.io',
host: window.location.hostname + ':6001',
csrfToken: document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
auth:
{
headers:
{
'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
}
}
});
我检查Echo对象,并且存在CRSF令牌。但是当我查看Laravel-Echo-Server日志时,出现419错误响应(CRSF令牌不匹配)
Laravel-Echo-Server在同一台无所事事的计算机(霍姆斯特德)上运行,我在主机PC的端口80上使用伪造的主机名“ http://developing.com”访问http服务器。这是我的laravel-echo-server.json
{
"authHost": "http://developing.com",
"authEndpoint": "/broadcasting/auth",
"clients": [
{
"appId": "...",
"key": "..."
}
],
"database": "redis",
"databaseConfig": {
"redis": {},
"sqlite": {
"databasePath": "/database/laravel-echo-server.sqlite"
}
},
"devMode": true,
"host": null,
"port": "6001",
"protocol": "http",
"socketio": {},
"secureOptions": 67108864,
"sslCertPath": "",
"sslKeyPath": "",
"sslCertChainPath": "",
"sslPassphrase": "",
"subscribers": {
"http": true,
"redis": true
},
"apiOriginAllow": {
"allowCors": false,
"allowOrigin": "",
"allowMethods": "",
"allowHeaders": ""
}
}
我在哪里错了? 谢谢!
更新 我再也没有问题了……也许dump-autoload做了什么?我不知道...