Laravel: Webhook needs to bypass Laravel's CSRF verification
In two places I found that Laravel's CSRF protection can be bypassed by setting the protected $except variable. But following the documentation, it does not seem to work:
and
I am using 5.1.
Below is what is in routes.php:
Route::match(['post'], '/webhooks/provider/callback/{version}', [
    'as' => 'provider.webhooks.callback', 'uses' => 'WebhookController@callback'
]);
Route::match(['post'], '/webhooks/provider/fallback/{version}', [
    'as' => 'provider.webhooks.fallback', 'uses' => 'WebhookController@fallback'
]);
And here is
<?php namespace App\Http\Middleware;

use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier {
    protected $except = [
        'webhooks/*',
        '/webhooks/*',
    ];

    public function handle($request, Closure $next)
    {
        return parent::handle($request, $next);
    }
}
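However, I have worked around the problem by commenting it out, but setting $except should still work according to the documentation, shouldn't it?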
<?php namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel {
    protected $middleware = [
        //'App\Http\Middleware\VerifyCsrfToken',
    ];
}
Modify app/Http/Middleware/VerifyCsrfToken.php
//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];

//modify this function
public function handle($request, Closure $next)
{
    //add this condition
    foreach($this->openRoutes as $route) {
        if ($request->is($route)) {
            return $next($request);
        }
    }
    return parent::handle($request, $next);
}
In the $openRoutes array, list the routes that should be ignored.
So for Laravel 5.0, you can use this:
private $openRoutes = ['webhooks/free', 'webhooks/*'];

public function handle($request, Closure $next)
{
    // is() honours the '*' wildcard; in_array() would only match exact paths
    foreach ($this->openRoutes as $route) {
        if ($request->is($route)) {
            return $next($request);
        }
    }
    return parent::handle($request, $next);
}
For Laravel 5.1, you can use this:
<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
    ];
}
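Only if they are using Laravel 5.0. If they are using Laravel 5.1, this is not needed.
Can you post your routes file? Have you set the route to "/stripe/webhook"?
Are you using Laravel 5.1?
Yes, it is 5.1 @Shift Exchange
Can you post the routes? Are you sure it is 5.1? Because BaseVerifier comes from 5.0, not 5.1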
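An exemption list is only as good as the comparison applied to it, and a wildcard prefix can cover more routes than the webhook endpoints it was written for. The PHP script below is an added example, not code from this thread or from Laravel: `pathMatches`, `exemptedRoutes` and the two extra routes are hypothetical, and stripping leading slashes before comparing is this example's own assumption. It compares exact matching with wildcard matching on one of the question's paths, then lists which POST routes each pattern would leave without CSRF verification.

```php
<?php
// Added example (not Laravel's or the posters' code): audit what a CSRF exemption list covers.

/** True when $path matches $pattern; '*' stands for any run of characters. */
function pathMatches(string $pattern, string $path): bool
{
    // Assumption of this example: compare without leading/trailing slashes.
    $regex = str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#'));
    return preg_match('#^' . $regex . '\z#u', trim($path, '/')) === 1;
}

/** Map each exemption pattern to the route URIs it would exclude from CSRF checks. */
function exemptedRoutes(array $patterns, array $routeUris): array
{
    $report = [];
    foreach ($patterns as $pattern) {
        $report[$pattern] = array_values(array_filter(
            $routeUris,
            function (string $uri) use ($pattern): bool {
                return pathMatches($pattern, $uri);
            }
        ));
    }
    return $report;
}

// POST routes: the first two are from the question, the last two are constructed.
$postRoutes = [
    'webhooks/provider/callback/{version}',
    'webhooks/provider/fallback/{version}',
    'webhooks/settings',   // constructed: a browser form that still needs CSRF
    'account/password',    // constructed
];

// Exact comparison never honours the wildcard entry.
$path = 'webhooks/provider/callback/v1';
printf("in_array: %s, wildcard: %s\n",
    var_export(in_array($path, ['webhooks/*'], true), true),
    var_export(pathMatches('webhooks/*', $path), true));

// The broad pattern also exempts webhooks/settings; the narrow one does not.
foreach (exemptedRoutes(['webhooks/*', 'webhooks/provider/*'], $postRoutes) as $pattern => $uris) {
    printf("%-22s exempts: %s\n", $pattern, implode(', ', $uris));
}
```

Run it with `php` on the command line; replacing `$postRoutes` with the application's real POST route URIs turns it into a quick review of any exemption list before it is deployed.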