Php Laravel路由和CSRF保护
如果我的routes.php文件中有这行代码:Php Laravel路由和CSRF保护,php,laravel,csrf,Php,Laravel,Csrf,如果我的routes.php文件中有这行代码: Route::when('*', 'csrf', array('post', 'put', 'patch', 'delete')); 我还需要这样做吗 Route::group(array('before' => 'csrf'), function() { Route::post('/search', array( 'as' => 'search-post', 'uses' => 'Sea
Route::when('*', 'csrf', array('post', 'put', 'patch', 'delete'));
Route::group(array('before' => 'csrf'), function() {
Route::post('/search', array(
'as' => 'search-post',
'uses' => 'SearchController@postSearch'
));
});
Route::post('/search', array(
'as' => 'search-post',
'uses' => 'SearchController@postSearch'
));
对,;只需使用
Route::post('/search',[…])就可以安全了是;只需使用Route::post('/search',[…])就可以安全了
路由::当
过滤器(内部称为模式过滤器)在public function callRouteBefore($route, $request)
{
$response = $this->callPatternFilters($route, $request);
return $response ?: $this->callAttachedBefores($route, $request);
}
正如您首先看到的,将调用模式过滤器。如果它们返回任何响应,它将从这里返回,否则将调用“正常”前过滤器。
路由::当public function callRouteBefore($route, $request)
{
$response = $this->callPatternFilters($route, $request);
return $response ?: $this->callAttachedBefores($route, $request);
}
正如您首先看到的,将调用模式过滤器。如果他们返回任何响应,它将从此处返回,否则将调用“正常”前置过滤器。如何检查它是否正常工作?我不熟悉CSRF保护。请从表单中删除CSRF令牌,提交它并检查是否有错误。它应该抛出一个异常。@rotaercz在浏览器的开发工具中,更改
input type=“hidden”name=“\u token”input type=“hidden”name=“\u token”