欢迎各位兄弟 发布技术文章

这里的技术是共享的

You are here

首页

Laravel cURL POST Throwing TokenMismatchException 有大用

星期四, 2017-08-10 09:44 — adminshiping1

3down votefavorite
 

I have a problem with POST cURL request to my application. Currently, I'm building RESTFUL registration function using laravel 5.

The routes for this is example is

localhost:8000/user/create

I pass value using cURL function on terminal

curl -d 'fname=randy&lname=tan&id_location=1&email=randy@randytan.me&password=randytan&remember_token=Y&created_at=2015-03-03' localhost:8000/auth/register/

And this is my routes.php

Route::post('user/create', 'UserController@create');

And this is my function to store the registration user

public function create()
    {
        //function to create user.
        $userAccounts = new User;
        $userAccounts->fname = Request::get('fname');
        $userAccounts->lname = Request::get('lname');
        $userAccounts->id_location = Request::get('id_location');
        $userAccounts->email = Request::get('email');
        $userAccounts->password = Hash::make(Request::get('password'));
        $userAccounts->created_at = Request::get('created_at');

        $userAccounts->save();

        return Response::json(array(
                'error' => false,
                'user'  => $userAccounts->fname . " " . $userAccounts->lname
            ), 200);

    }

Executing the cURL syntax above, I'm getting this error TokenMismatchException

Do you have any ideas?

Because I'm implementing middleware only in my few urls, and this cURL registration url is not tight into any authentication mechanism.

Thanks before.

   
shareimprove this question
 

3 Answers 正确答案

up vote2down voteaccepted

Laravel 5 enforces CSFR token authentication in middleware by default.

  1. you can disable CSFR on selected route Here is the link

  2. or you can try some of these solutions. Hope so it will help.

  3. changing your csfr token method /app/Http/Middleware/VerifyCsrfToken.php

    public function handle ($request, Closure $next) {
    if (
    !$request->is("api/*"))
    {
    return parent::handle($request, $next);
    }

    return $next($request);

    }

shareimprove this answer
 
   
Thank for the link in 2. I ended up modifying handle(...) function in class VerifyCsrfToken. I added if( $request->is( "api*" ) ) return $next($request); just before the return. Now all requests to /api* get through CSFR. – Eamorr Jun 1 '15 at 8:21
   
Is it a public API? Because you shouldn't disable Csrf unless you are happy for anyone to send the API requests – Chris Aug 26 '15 at 15:56
up vote8down vote

In Laravel 5 (latest version) you can specify routes you want to exclude in/app/Http/Middleware/VerifyCsrfToken.php

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'rest-api/*', # all routes to rest-api will be excluded.
    ];


}

Hope this helps.

shareimprove this answer
 
   
This is great solution, thanks – zachu Jul 6 '16 at 21:10
up vote0down vote

In my case, i needed to add the route on api.php instead of web.php

shareimprove this answer
 

来自 https://stackoverflow.com/questions/29192806/laravel-curl-post-throwing-tokenmismatchexception


普通分类: 
laravel
Powered by Drupal

友情链接

校园好文网

 www.shipingzhong.cn  个人技术网_前端_后台    备案号:苏ICP备18010659号-2