Javascript Laravel-Dropzone.js的Tokenmissmatchexception
我使用dropzone.js将图像上传到我的站点,但是Laravel总是报告TokenMitchException,尽管我使用Form::open in Form,它会自动添加_标记 这是我的代码:Javascript Laravel-Dropzone.js的Tokenmissmatchexception,javascript,laravel,laravel-4,dropzone.js,Javascript,Laravel,Laravel 4,Dropzone.js,我使用dropzone.js将图像上传到我的站点,但是Laravel总是报告TokenMitchException,尽管我使用Form::open in Form,它会自动添加_标记 这是我的代码: {{ Form::open(["class" => "dropzone", "id" => "imgUpload", "action" => "UploadsController@uploadImage"]) }} <div class="fallback">
{{ Form::open(["class" => "dropzone", "id" => "imgUpload", "action" => "UploadsController@uploadImage"]) }}
<div class="fallback">
{{ Form::submit() }}
</div>
{{ Form::close() }}
如何解决这个问题?通过AJAX发布时,Dropzone似乎不包含令牌。你可以用这样的东西来让它这么做
Dropzone.options.imgUpload = {
paramName: "file",
dictDefaultMessage: "Pošalji sliku",
acceptedFiles: "image/*",
previewsContainer: ".dropzone-previews",
uploadprogress: function(progress, bytesSent) {
console.log(progress);
},
sending: function(file, xhr, formData) {
// Pass token. You can use the same method to pass any other values as well such as a id to associate the image with for example.
formData.append("_token", $('[name=_token']).val()); // Laravel expect the token post value to be named _token by default
}
};
我在这里找到了那个片段
通过AJAX提交的令牌和表单似乎也存在一些问题。在这种情况下,您将希望在初始化dropzone时包含额外的标头
Dropzone.options.imgUpload = {
paramName: "file",
dictDefaultMessage: "Pošalji sliku",
acceptedFiles: "image/*",
previewsContainer: ".dropzone-previews",
headers: {
"X-CSRF-Token": $('[name=_token').val())
},
uploadprogress: function(progress, bytesSent) {
console.log(progress);
}
};
为了利用这一点,在filters.php中修改您的CSRF过滤器,以便在我们通过AJAX提交时检查该标题
Route::filter('csrf', function()
{
$token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
if (Session::token() != $token) {
throw new Illuminate\Session\TokenMismatchException;
}
});
是否在UploadsController构造函数中设置任何筛选器?即$此->beforeFilterI在路由中添加了全局保护:路由::when'*',csrf',数组'post',put',delete';我以前试过,但都一样。当我打开FireBug时,我可以看到dropzone正在发送_令牌,当我包含您的代码时,它会发送_令牌两次,所以肯定还有另一个问题。我刚刚比较了meta标记中的令牌和dropzone ajax请求中的令牌,它们完全相同,那么可能是什么问题。我可能有另一个想法,你能更新你的问题,包括你的CSRF滤波器吗?同样的事情,真的很奇怪。在我从filters.php中删除csrffilter之后,一切都正常了,但我的应用程序当然没有受到保护。这很奇怪。查看是否可以在过滤器中使用var_dumpSession::token,并查看使用firebug检查时是否返回任何值。
Route::filter('csrf', function()
{
$token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
if (Session::token() != $token) {
throw new Illuminate\Session\TokenMismatchException;
}
});