发表新帖
发表新帖

Laravel 5: POST without CSRF checking

后端 未结
关注
4 927
醉梦人生
醉梦人生 2021-01-17 19:07

It seems that Laravel 5 by default applies the CSRF filter to all non-get requests. This is OK for a form POST, but might be a problem to an API that POSTs DELETEs etc.

4条回答
  • 不思量自难忘°
    不思量自难忘° (楼主)
    2021-01-17 19:32

    My hack to the problem:

    CSRF is now a "middleware" registered globally in App\Http\Kernel.php. Removing it will default to no CSRF protection (Laravel4 behavior).

    To enable it in a route:

    1. Create a short-hand key in your app/Providers/RouteServiceProvider.php :

      protected $middleware = [
  // ....
  'csrf'  => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken',
];

    2. You can now enable it to any Route:

      $router->post('url', ['middleware' => 'csrf', function() {
 ... 
}]);

    Not the most elegant solution IMO...

    0 讨论(0)
 看不清?
提交回复
热议问题