Laravel Passport-对于本地Javascript请求,自动绕过OAuth,而不是显示;未经认证。”;
我的护照已经准备好了。我的应用程序包含连接到API的JavaScript AJAX。我正试图使它只基于会话工作,而不必遍历整个OAuth系统 在文档中,看起来这是可能的: 然而,我现在得到的是“未经验证的” Kernel.php:Laravel Passport-对于本地Javascript请求,自动绕过OAuth,而不是显示;未经认证。”;,laravel,laravel-passport,Laravel,Laravel Passport,我的护照已经准备好了。我的应用程序包含连接到API的JavaScript AJAX。我正试图使它只基于会话工作,而不必遍历整个OAuth系统 在文档中,看起来这是可能的: 然而,我现在得到的是“未经验证的” Kernel.php: protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middl
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\VerifyParametersMiddleware::class,
'throttle:60,1',
'bindings',
],
];
api.php路由示例:
Route::group(['middleware' => ['auth:api']], function () {
Route::resource('canvas-item', 'CanvasItemController',
[
'only' => [
'index', // GET api/canvas-item
'store', // POST api/canvas-item
'update', // PUT api/canvas-item/{canvas-item-id}
'destroy' // DELETE api/canvas-item/{canvas-item-id}
],
]
);
});
JavaScript请求示例:
function ajaxRequest() {
$.APIAjax({
url: '{{ url('api/canvas-item') }}',
type: 'POST',
data: {
testing: null
},
success: function(jsonResponse) {},
error: function(jsonResponse) {}
});
}
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': token
}
});
文档要求的标题已正确设置:
X-CSRF-TOKEN
"<tokenhere>"
X-Requested-With
"XMLHttpRequest"
X-CSRF-TOKEN
""
X-With
“XMLHttpRequest”
如果请求来自同一台服务器,我可以如何通过“未经验证”吗
谢谢 删除
\App\Http\Middleware\EncryptCookies::class,
从Kernel.php
允许正确验证API路由。如果这不是处理此问题的官方/安全方式,请告知我