当我做一个ajax POST时,我在使用Laravel 5.2时遇到了一些问题,我收到403错误
-
Ajax POST 请求
$.ajax({ headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') }, data: {category_id:category_id, _token: $('meta[name="csrf-token"]').attr('content')}, url: '/admin/gallery/create/ajax', method: 'POST', success: function(data) { console.log(data); $('#object').empty(); $('#object').append(data); }, error: function(msg) { console.log(msg); } });
-
路线
Route::post('admin/gallery/create/ajax', ['as' => 'gallery.ajax', 'uses' => 'GalleryController@getObject']);
-
控制器
public function getObject(Request $request){ $data = array(); if($request->category_id == 'users'){ $allItems = User::all(); foreach ($allItems as $key => $item) { $data += array($key=>'<option value="'.$item['name'].'">'.$item['name'].'</option>'); } } if($request->category_id == 'authors'){ $allItems = Author::all(); foreach ($allItems as $key => $item) { $data += array($key=>'<option value="'.$item['name'].'">'.$item['name'].'</option>'); } } if($request->category_id == 'galleries'){ $allItems = Gallery::all(); foreach ($allItems as $key => $item) { $data += array($key=>'<option value="'.$item['name'].'">'.$item['name'].'</option>'); } } return $data; }
-
结果
POST 403 (Forbidden)
-
但有路线:
Route::post ('admin/gallery/create/ajax', function('Symfony'Component'HttpFoundation'Request $request){ if (Session::token() == Request::header('x-csrf-token')) { echo $request->category_id; } else { return 'ERROR'; } });
-
结果
请求完成
-
与 GET 一切正常
$.ajax({ headers: { 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') }, data: {category_id:category_id}, url: '/admin/gallery/create/ajax/', method: 'get', success: function(data) { $('#object').empty(); $('#object').append(data); }, error: function(msg) { console.log(msg);// если ошибка, то можно посмотреть в консоле } });
路线获取
Route::get ('/admin/gallery/create/ajax/', ['as' => 'gallery.ajax', 'uses' => 'GalleryController@getObject']);
-
获取结果
-
需要有关 AJAX POST 的帮助
确保已
将路由添加到web
中间件组。否则,将不会验证令牌。
web
中间件组如下所示:
protected $middlewareGroups = [
'web' => [
'App'Http'Middleware'EncryptCookies::class,
'Illuminate'Cookie'Middleware'AddQueuedCookiesToResponse::class,
'Illuminate'Session'Middleware'StartSession::class,
'Illuminate'View'Middleware'ShareErrorsFromSession::class,
'App'Http'Middleware'VerifyCsrfToken::class,
],
如您所见,它会在'App'Http'Middleware'VerifyCsrfToken::class,
中验证令牌。
因此,在routes.php
文件中,添加中间件组,如下所示:
Route::group(['middleware' => ['web']], function () {
// Your route goes here
});
正确答案https://stackoverflow.com/a/30508294/5908145
现在使用此参数:
Route::post ('/admin/gallery/create/ajax', ['as' => 'gallery.ajax', 'uses' => 'GalleryController@getObject']);
$.ajax({
headers: {
'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
},
data: {category_id:category_id, _token: $('meta[name="csrf-token"]').attr('content')},
url: '/admin/gallery/create/ajax',
method: 'POST',
success: function(data)
{
console.log(data);
$('#object').empty();
$('#object').append(data);
},
error: function(msg)
{
console.log(msg);
}
});
验证CsrfToken.php
public function handle($request, 'Closure $next)
{
$response = $next($request);
if (last(explode('''',get_class($response))) != 'RedirectResponse') {
$response->header('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
}
return $response;
}
谢谢大家!