Laravel:Webhook需要绕过Laravel'；s CSRF验证_Laravel_Laravel 5_Laravel Routing

Laravel:Webhook需要绕过Laravel'；s CSRF验证

laravel laravel-5

Laravel:Webhook需要绕过Laravel'；s CSRF验证,laravel,laravel-5,laravel-routing,Laravel,Laravel 5,Laravel Routing,在两个地方，我发现通过设置protected$except变量，可以绕过Laravel csrf保护。但根据文件，它似乎不起作用：而且我用的是5.1 下面是routes.php中的 Route::match(['post'], '/webhooks/provider/callback/{version}', [ 'as' => 'provider.webhooks.callback', 'uses' => 'WebhookController@callback' ])

在两个地方，我发现通过设置

protected$except

变量，可以绕过Laravel csrf保护。但根据文件，它似乎不起作用：

而且

我用的是5.1

下面是routes.php中的

Route::match(['post'], '/webhooks/provider/callback/{version}', [
    'as' => 'provider.webhooks.callback', 'uses' => 'WebhookController@callback'
]);
Route::match(['post'], '/webhooks/provider/fallback/{version}', [
    'as' => 'provider.webhooks.fallback', 'uses' => 'WebhookController@fallback'
]);

这里是

<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier {
    protected $except = [
        'webhooks/*',
        '/webhooks/*',
    ];
    public function handle($request, Closure $next)
    {
        return parent::handle($request, $next);
    }
}

然而，我已经通过注释解决了这个问题，但仍然设置了

$，除了应该根据文档工作；不是吗
<?php namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel {
    protected $middleware = [
        //'App\Http\Middleware\VerifyCsrfToken',
    ];
}

修改app/Http/Middleware/VerifyCsrfToken.php

//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];

//modify this function
public function handle($request, Closure $next)
    {
        //add this condition 
    foreach($this->openRoutes as $route) {

      if ($request->is($route)) {
        return $next($request);
      }
    }

    return parent::handle($request, $next);
  }


在$openRoutes
数组中，会给出您的路由，这将被忽略。
因此对于Laravel 5.0，您可以使用此选项
private $openRoutes = ['webhooks/free', 'webhooks/*'];

public function handle($request, Closure $next)
{
   if(in_array($request->path(), $this->openRoutes)){
    return $next($request);
   }

    return parent::handle($request, $next);
}

对于Laravel 5.1，您可以使用此功能
<?php

namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
 /**
 * The URIs that should be excluded from CSRF verification.
 *
 * @var array
 */
 protected $except = [
                       'stripe/*',
                     ];
 }

仅当他们使用的是Laravel 5.0
。如果他们使用的是Laravel 5.1这是不需要的。您可以发布您的路由文件吗？您是否已将路线设置为“/stripe/webhook”？是否使用Laravel 5.1？是的，它是5.1@Shift Exchange，您是否可以发布路线？您确定它是5.1吗？因为BaseVerifer来自5.0，而不是5.1
//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];

//modify this function
public function handle($request, Closure $next)
    {
        //add this condition 
    foreach($this->openRoutes as $route) {

      if ($request->is($route)) {
        return $next($request);
      }
    }

    return parent::handle($request, $next);
  }

private $openRoutes = ['webhooks/free', 'webhooks/*'];

public function handle($request, Closure $next)
{
   if(in_array($request->path(), $this->openRoutes)){
    return $next($request);
   }

    return parent::handle($request, $next);
}

<?php

namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
 /**
 * The URIs that should be excluded from CSRF verification.
 *
 * @var array
 */
 protected $except = [
                       'stripe/*',
                     ];
 }