Why does the Laravel API return a 419 status code on POST and PUT methods?

Backend · Unresolved · 3 · 1167
攒了一身酷 2020-11-28 13:12

I am trying to create a RESTful API by using Laravel. I have created my controller using php artisan make:controller RestController and this is my controlle

3 answers
  • 2020-11-28 13:45

    If you are developing REST APIs, it is better not to add a token. If you are using 5.4 or 5.5 you can use api.php instead of web.php. In api.php you don't need token verification on POST requests.

    If you are using web.php then you exclude the token. Here is the official documentation:

    Excluding URIs From CSRF Protection

    Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes.

    Typically, you should place these kinds of routes outside of the web middleware group that the RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:

    <?php
    
    namespace App\Http\Middleware;
    
    use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
    
    class VerifyCsrfToken extends BaseVerifier
    {
        /**
         * The URIs that should be excluded from CSRF verification.
         *
         * @var array
         */
        protected $except = [
            'stripe/*',
        ];
    }
    

    For reference:

    https://laravel.com/docs/5.5/csrf

  • 2020-11-28 13:50

    As per my knowledge there are two methods to solve this:

    Method 1: Add a CSRF token

    Method 2: Exclude URIs from CSRF protection

    How to use

    Method 1: Add one more variable to your POST request.

    "_token": "{{ csrf_token() }}"
    

    Example for Ajax

    req = $.ajax({
        type: "POST",
        url: "/search",
        data: {
            'key': 'value',
            "_token": "{{ csrf_token() }}"   // Laravel reads the token from the _token field
        },
        dataType: "text",
        success: function (msg) {

        }
    });
    

    Example if you are using forms

    <input type="hidden" name="_token" id="token" value="{{ csrf_token() }}">
    

    Method 2: There is a file named 'VerifyCsrfToken' in the following location

    yourProjectDirectory/app/Http/Middleware

    Add your URL in the following method

    protected $except = [
        'url1/',
        'url2/',
    ];
    

    When to use

    • If you are the owner (full control) of the API, use Method 1, as the CSRF token adds security to your application.

    • If you are unable to add a CSRF token, for example if you are using any third-party APIs, webhooks etc., go for Method 2.

  • 2020-11-28 14:09

    I solved this problem by changing my server cache settings. You can disable all of your caching systems (Nginx, Cloudflare, ...) to check it, and then turn it on by applying QueryString + Cookie to prevent caching a page with an old CSRF token in it.

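To make the first two answers concrete, here is an added example (not code from the answers or from Laravel itself): a simplified PHP model of the decision the VerifyCsrfToken middleware makes, showing why GET succeeds while POST and PUT without a valid token get a 419, and how a 'stripe/*' entry in $except bypasses the check. The function names, array shapes and sample token are this example's own assumptions; the real middleware also accepts an X-XSRF-TOKEN header, which is omitted here.

```php
<?php
// Added example (not Laravel's own code): a stripped-down model of the
// decision Laravel's VerifyCsrfToken middleware makes, to show why GET
// succeeds while POST/PUT without a valid token get a 419 response.
// Function and array names are this example's own, not Laravel's API.

const READ_METHODS = ['HEAD', 'GET', 'OPTIONS'];

/** Does $path match any pattern in $except ('stripe/*' style wildcards)? */
function inExceptList(string $path, array $except): bool
{
    $path = trim($path, '/');
    foreach ($except as $pattern) {
        $pattern = $pattern === '/' ? '/' : trim($pattern, '/');
        $regex = '#^' . str_replace('\*', '.*', preg_quote($pattern, '#')) . '\z#u';
        if (preg_match($regex, $path) === 1) {
            return true;
        }
    }
    return false;
}

/** Token from the request body (_token) or the X-CSRF-TOKEN header, if any. */
function requestToken(array $input, array $headers): ?string
{
    return $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
}

/** Returns 419 when the request must be rejected, or 200 when it may proceed. */
function csrfStatus(string $method, string $path, array $input, array $headers,
                    ?string $sessionToken, array $except = []): int
{
    if (in_array(strtoupper($method), READ_METHODS, true)) return 200; // read-only: no check
    if (inExceptList($path, $except)) return 200;                      // explicitly excluded
    $token = requestToken($input, $headers);
    // hash_equals gives a constant-time comparison; a missing session or token fails.
    $ok = is_string($sessionToken) && is_string($token) && hash_equals($sessionToken, $token);
    return $ok ? 200 : 419;
}

// Constructed sample values, not real tokens.
$session = 'constructed-session-token';
$except = ['stripe/*'];
printf("GET  /search                    -> %d\n", csrfStatus('GET', '/search', [], [], $session));
printf("POST /search without _token     -> %d\n", csrfStatus('POST', '/search', ['key' => 'value'], [], $session));
printf("POST /search with _token        -> %d\n", csrfStatus('POST', '/search', ['_token' => $session], [], $session));
printf("PUT  /search with X-CSRF-TOKEN  -> %d\n", csrfStatus('PUT', '/search', [], ['X-CSRF-TOKEN' => $session], $session));
printf("POST /stripe/webhook (excluded) -> %d\n", csrfStatus('POST', '/stripe/webhook', [], [], null, $except));
```

Anything matched by $except is accepted with no token at all, which is why the second answer reserves Method 2 for webhooks and third-party callers that cannot send one.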