Question
Okay, this is very beginner, but I'd like an explanation. In the built-in Laravel password reset, the "postReset" method below specifies "token"... however, when using {!! csrf_field() !!} in the view, it generates the input as name="_token". Does the _ count as an actual character when matching up the names? I'm just confused about how the database migration uses "token", but the CSRF field sets up the input name as "_token".
    public function postReset(Request $request)
    {
        // The reset form must post a field named exactly "token"
        $this->validate($request, [
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed|min:6',
        ]);

        // Only these four keys are passed to the password broker
        $credentials = $request->only(
            'email', 'password', 'password_confirmation', 'token'
        );

        $response = Password::reset($credentials, function ($user, $password) {
            $this->resetPassword($user, $password);
        });

        // ... (rest of the method not shown in the question)
    }
Thanks,
Answer 1:
You don't need a _token for password reset or migration. But it is absolutely needed if you are sending any inputs to Laravel with the POST method.
Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.
Source
How can I include the CSRF token in my form?
You can include the csrf token by having this inside your form
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
Tip: You can handle the action after the CSRF Token filter inside app\Http\Middleware\VerifyCsrfToken.php
Hope this helps you.
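As an added example (not part of either answer and not Laravel's own code), this plain-PHP model shows the two separate checks behind a reset form: the session-bound CSRF field `_token` and the e-mailed reset field `token`, which are matched by exact key name. The function names, the SHA-256 hashed storage, the one-hour lifetime and all sample values are assumptions made for the illustration.

```php
<?php
// Simplified model, not Laravel's implementation; all values are constructed.

// Session-bound CSRF token, echoed into every POST form as "_token".
$session = ['_token' => bin2hex(random_bytes(20))];

// E-mail-bound reset token; only its hash is stored (stand-in for the reset table).
$resetToken = bin2hex(random_bytes(32));
$resets = ['user@example.test' => ['hash' => hash('sha256', $resetToken), 'created_at' => time()]];

// True only when the posted "_token" equals the session's value.
function csrfOk(array $post, array $session): bool
{
    $sent = $post['_token'] ?? null;
    return is_string($sent) && hash_equals($session['_token'], $sent);
}

// True only when the posted "token" matches the stored hash for that e-mail and is fresh.
function resetTokenOk(array $post, array $resets, int $ttl = 3600): bool
{
    $email = $post['email'] ?? null;
    $sent = $post['token'] ?? null;   // exact key match: "_token" is a different key
    if (!is_string($email) || !is_string($sent) || !isset($resets[$email])) {
        return false;
    }
    $row = $resets[$email];
    return (time() - $row['created_at']) <= $ttl
        && hash_equals($row['hash'], hash('sha256', $sent));
}

$cases = [
    // Well-formed reset form: carries both fields.
    'both fields' => ['_token' => $session['_token'], 'token' => $resetToken, 'email' => 'user@example.test'],
    // Form that only has the CSRF field: "_token" does not satisfy "token".
    'only _token' => ['_token' => $session['_token'], 'email' => 'user@example.test'],
    // Reset token present but CSRF field missing: csrfOk() fails.
    'only token' => ['token' => $resetToken, 'email' => 'user@example.test'],
    // CSRF value pasted into the reset field: wrong secret, so the reset check fails.
    'swapped' => ['_token' => $session['_token'], 'token' => $session['_token'], 'email' => 'user@example.test'],
];

foreach ($cases as $name => $post) {
    printf("%-12s csrf=%-5s reset=%s\n", $name,
        var_export(csrfOk($post, $session), true),
        var_export(resetTokenOk($post, $resets), true));
}
```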
Answer 2:
I faced the same issue before; it was not related to CSRF in my case. As I read from the code, it searches for the third segment to get the token from the URL, which it uses for the reset. But if you use a localization system, it will be missing, as in the screen below.
You can make a small workaround to fix it:
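    @php
        // Take the last URL segment as the reset token, wherever a locale prefix puts it
        $segments = \Request::segments();
        $token = end($segments);
    @endphp
    <form method="POST" action="{{ route('password.request') }}">
        {!! csrf_field() !!}
        <input type="hidden" name="token" value="{{ $token }}">
        {{-- remaining fields (email, password, password_confirmation) and the submit button --}}
    </form>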
Source: https://stackoverflow.com/questions/34669965/laravel-password-reset-token