代码之家 › 专栏 › 技术社区 › Dancro

Put-Route返回CSRF令牌不匹配Laravel

endpoint crud postman laravel php

Dancro · 技术社区 · 2 年前

我正试图为一个博客配置一个crud api,现在我制作了这样的PostController:

<?php

namespace App\Http\Controllers;

use App\Models\Post;
use App\Http\Requests\StorePostRequest;
use Illuminate\Http\Request;

class PostController extends Controller
{
    /**
     * Display a listing of the resource.
     */
    public function index()
    {
        $posts = Post::all();
        return response()->json([
            'posts' => $posts
        ]);
    }

    /**
     * Store a newly created resource in storage.
     */
    public function store(StorePostRequest $request)
    {
        $post = Post::create($request->all());

        return response()->json([
            'message' => "Post Created successfully!",
            'post' => $post
        ], 200);
    }

    /**
     * Display the specified resource.
     */
    public function show(Post $post)
    {
        //
    }

    /**
     * Show the form for editing the specified resource.
     */
    public function edit(Post $post)
    {
        //
    }

    /**
     * Update the specified resource in storage.
     */
    public function update(StorePostRequest $request, Post $post)
    {
        $post->update($request->all());

        return response()->json([
            'message' => "Post Updated successfully!",
            'post' => $post
        ], 200);
    }

    /**
     * Remove the specified resource from storage.
     */
    public function destroy(Post $post)
    {
        $post->delete();

        return response()->json([
            'status' => true,
            'message' => "Post Deleted successfully!",
        ], 200);
    }
}

而web.php就是这样一个:


<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\PostController;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/

Route::get('/', function () {
    return view('welcome');
});

Route::resource('posts', PostController::class);

当我试着用邮递员的时候 http://127.0.0.1:8000/posts/ 工作并向我显示所有数据,但不显示其他数据是的,我用POST切换了GET,甚至尝试了PUT 我得到以下结果:

 "message": "CSRF token mismatch.",

我在这个项目中没有任何前端来放置csrf字段,我应该如何解决这个问题?

2 回复 | 直到 2 年前

D1__1 2 年前

Api路线应在 routes/api.php 文件,不在 web.php 文件应用于这些文件中的路由的中间件堆栈是不同的。

中应用于路由的中间件之一 web.php 文件是 VerifyCsrfToken ,但您的请求永远不会有csrf令牌。将您的api路由从 web.php 到 api.php 将解决csrf令牌问题。

来自 RouteServiceProvider :

$this->routes(function () {
    Route::middleware('api') // api is a middleware group
        ->prefix('api')
        ->group(base_path('routes/api.php'));

    Route::middleware('web') // web is a middleware group
        ->group(base_path('routes/web.php'));
});

中间件组与这些中间件堆栈相对应:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class, // causes the issue
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
 
    'api' => [ // does not have the csrf middleware
        \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];

Baran Arda 2 年前

如果你没有这个项目的前端,你需要在发送请求的设备上设置csrf令牌。设置“X-CSRF-TOKEN”标头应该可以解决您的问题。更多信息请点击此处: https://developer.mozilla.org/en-US/docs/Glossary/Request_header