Symfony 3 Ajax登录无效CSRF令牌
我正在尝试使用我的模式登录并发送一个Ajax身份验证请求,但我总是从onAuthenticationFailure函数中收到此错误: 无效的CSRF令牌 这是我的密码: security.ymlSymfony 3 Ajax登录无效CSRF令牌,ajax,symfony,authentication,modal-dialog,csrf,Ajax,Symfony,Authentication,Modal Dialog,Csrf,我正在尝试使用我的模式登录并发送一个Ajax身份验证请求,但我总是从onAuthenticationFailure函数中收到此错误: 无效的CSRF令牌 这是我的密码: security.yml firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false default: anonymous: ~ patte
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
default:
anonymous: ~
pattern: ^/
form_login:
provider: picshare_provider
check_path: /login
success_handler: acme.security.authentication_handler
failure_handler: acme.security.authentication_handler
csrf_token_generator: security.csrf.token_manager
csrf_parameter: _csrf_token
class AuthenticationHandler implements AuthenticationSuccessHandlerInterface , AuthenticationFailureHandlerInterface
{
private $router;
private $session;
private $csrfTokenManager;
/**
* AuthenticationHandler constructor.
* @param RouterInterface $router
* @param Session $session
*/
public function __construct(RouterInterface $router, Session $session, CsrfTokenManagerInterface $csrfTokenManager)
{
$this->router = $router;
$this->session = $session;
$this->csrfTokenManager = $csrfTokenManager;
}
/**
* @param Request $request
* @param TokenInterface $token
* @return RedirectResponse|Response
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
if ($request->isXmlHttpRequest()) {
$json = array(
'has_error' => false,
'username' => $token->getUser()->getUsername()
);
$response = new Response(json_encode($json));
$response->headers->set('Content-Type', 'application/json');
return $response;
} else {
$url = $this->router->generate('home');
return new RedirectResponse($url);
}
}
/**
* @param Request $request
* @param AuthenticationException $exception
* @return Response
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ( $request->isXmlHttpRequest() ) {
$array = array( 'success' => false, 'message' => $exception->getMessage() ); // data to return via JSON
$response = new Response( json_encode( $array ) );
$response->headers->set( 'Content-Type', 'application/json' );
return $response;
}
else {
$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
return new RedirectResponse($this->router->generate('login'));
}
}
}
login_submit.onclick = function () {
axios.post('/login',
{
_username: document.getElementById('login-email').value = 'admin',
_password: document.getElementById('login-password').value = 'root',
_csrf_token: document.getElementById('login-csrf').value
},
config).then(function (response) {
console.log(response)
})
};
/**
* @Route("/login", name="login")
*/
public function loginAction(Request $request)
{
$authenticationUtils = $this->get('security.authentication_utils');
$csrfToken = $this->has('security.csrf.token_manager')
? $this->get('security.csrf.token_manager')->getToken('authenticate')->getValue()
: null;
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
$array = [
'error' => $error,
'csrf_token' => $csrfToken,
];
$response = new Response(json_encode($array));
return $response;
}
你知道是否需要SSL吗?不知道对不起。默认身份验证工作正常您知道是否需要SSL吗?不知道抱歉。默认的身份验证工作正常
<form class="cd-form">
<p class="fields">
<label class="email" for=login-email">Benutzername</label>
<input id="login-email" name="_username" >
<i class="fa fa-envelope-o" aria-hidden="true"></i>
</p>
<p class="fields">
<input id="login-password" name="_password" placeholder="Passwort">
<i class="fa fa-key" aria-hidden="true"></i>
</p>
<p class="fields-submit">
<input class="full-width" id="modal-login-button" value="Anmelden">
</p>
<input type="hidden" name="_csrf_token" id="login-csrf"
value="{{ csrf_token('authenticate') }}"
>
</form>