Laravel 5 TokenMismatchException only in iFrame

青春惊慌失措 2021-01-18 16:24

I have a working form:

    {!! Form::open() !!}
            
2 Answers
  •  心在旅途
    2021-01-18 17:03

    @Jeemusu's answer provides a solution, though here are a few comments and another suggested solution after reading: https://discussions.apple.com/thread/4156939?tstart=0

    • To me, this has nothing to do with preventing CSRF; other browsers are not preventing this. I would say that this is more related to preventing tracking.
    • The page at Apple suggests the following: the problem only occurs when the iframe domain has not been visited first (and this is what I have observed).
    • One solution would be for the caller domain to set a cookie when a user arrives, redirect to the called domain to "count as a visit" and then redirect back to the called domain (that would read the first set cookies to not redirect again).

    I would say that disabling CSRF protection is an insecure idea.
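
The redirect round trip described in the answer above, sketched as an added example in plain PHP 7+ (not code from the thread or from Laravel); the two origins, the cookie names and the `/visit` path are assumptions. The iframe domain rebuilds the way back from a fixed origin plus a validated path, so the bounce endpoint cannot be used as an open redirect.

```php
<?php
// Added example. Origins, cookie names and the /visit path are assumptions.
const CALLER_ORIGIN = 'https://app.example';    // top-level site embedding the iframe
const IFRAME_ORIGIN = 'https://forms.example';  // site whose form runs in the iframe
const BOUNCE_COOKIE = 'iframe_bounced';         // set by the caller to avoid a loop

// A return path must be a plain absolute path, so that CALLER_ORIGIN . $path
// can never point at another host or smuggle CR/LF into the Location header.
function isSafeReturnPath(string $path): bool
{
    return preg_match('#^/[A-Za-z0-9/_.~%?=&-]*$#D', $path) === 1;
}

// Caller domain: on a top-level page request, bounce once through the iframe domain.
function callerResponse(array $cookies, string $path): array
{
    if (isset($cookies[BOUNCE_COOKIE]) || !isSafeReturnPath($path)) {
        return ['status' => 200, 'headers' => []];   // render the page normally
    }
    return ['status' => 302, 'headers' => [
        'Set-Cookie: ' . BOUNCE_COOKIE . '=1; Path=/; Secure; HttpOnly; SameSite=Lax',
        'Location: ' . IFRAME_ORIGIN . '/visit?return=' . rawurlencode($path),
    ]];
}

// Iframe domain, GET /visit: set a first-party cookie, then go back to the caller.
function visitResponse(string $returnPath): array
{
    if (!isSafeReturnPath($returnPath)) {
        $returnPath = '/';                           // never follow an unvalidated target
    }
    return ['status' => 302, 'headers' => [
        'Set-Cookie: visited=1; Path=/; Secure; HttpOnly; SameSite=None',
        'Location: ' . CALLER_ORIGIN . $returnPath,
    ]];
}

// Constructed walk-through: first arrival, the bounce, the second arrival,
// and a return value that would otherwise extend the hostname.
print_r(callerResponse([], '/signup?plan=basic'));
print_r(visitResponse('/signup?plan=basic'));
print_r(callerResponse([BOUNCE_COOKIE => '1'], '/signup?plan=basic'));
print_r(visitResponse('.evil.example/x'));
```

Browsers that block all third-party cookies will still withhold the iframe domain's cookies after this bounce.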
