Add the following code to a controller in your L5 Swagger project so that the CSRF token is validated correctly when a form is submitted:
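```php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Session;

class YourController extends Controller
{
    public function yourMethod(Request $request)
    {
        // Token submitted with the form (hidden _token field)
        $token = $request->input('_token');
        $expected = Session::token();

        // Reject unless both values are strings and match; hash_equals()
        // compares in constant time. The negation applies to the whole check.
        if (! is_string($expected) || ! is_string($token) || ! hash_equals($expected, $token)) {
            abort(400, 'CSRF Token Mismatch');
        }

        // your code here
    }
}
```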
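The following added example (not code from the original page) shows why the negation has to cover the whole comparison: a condition written as `!Session::token() === $token` applies `!` first, compares a boolean to the submitted value, and never rejects a request. It is plain PHP with no Laravel dependency; `$session` is a constructed stand-in for `Session::token()`, and the two function names are hypothetical.

```php
<?php
// Added example: plain PHP, no Laravel required.
// $sessionToken stands in for Session::token(); $submitted for $request->input('_token').

/** Flawed: `!` binds tighter than `===`, so this compares a bool to the input. */
function flawedMismatch(string $sessionToken, $submitted): bool
{
    return !$sessionToken === $submitted;
}

/** Hardened: type-check both sides first, then compare in constant time. */
function tokenMismatch(?string $sessionToken, $submitted): bool
{
    // Missing, empty or array-valued input (_token[]=x) is always a mismatch,
    // so an empty submission can never match an unset session token.
    if (!is_string($sessionToken) || !is_string($submitted) || $submitted === '') {
        return true;
    }
    return !hash_equals($sessionToken, $submitted);
}

$session = bin2hex(random_bytes(20)); // constructed sample token (40 hex chars)

// Constructed inputs covering what a form handler can actually receive.
$cases = [
    'valid token'   => $session,
    'wrong token'   => str_repeat('a', 40),
    'missing field' => null,
    'array input'   => ['x'],
    'empty string'  => '',
];

foreach ($cases as $label => $submitted) {
    printf(
        "%-14s flawed rejects: %-3s  hardened rejects: %s\n",
        $label,
        flawedMismatch($session, $submitted) ? 'yes' : 'no',
        tokenMismatch($session, $submitted) ? 'yes' : 'no'
    );
}
```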
Alternatively, you can use Laravel's built-in VerifyCsrfToken middleware to handle CSRF protection:
- In app/Http/Kernel.php, make sure the following lines are uncommented or added to the middleware array:

  ```php
  protected $middleware = [
      \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
      \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
      \App\Http\Middleware\TrimStrings::class,
      \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
      \Illuminate\Session\Middleware\StartSession::class, // add this line
      \Illuminate\View\Middleware\ShareErrorsFromSession::class,
      \App\Http\Middleware\VerifyCsrfToken::class, // add this line
  ];
  ```
- Make sure app/Http/Middleware/VerifyCsrfToken.php contains the following:

  ```php
  namespace App\Http\Middleware;

  use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

  class VerifyCsrfToken extends BaseVerifier
  {
      /**
       * The URIs that should be excluded from CSRF verification.
       *
       * @var array
       */
      protected $except = [
          //
      ];
  }
  ```
If you need to exclude some routes from CSRF protection, add them to the $except array.