禁用laravel中的csrf特定路由

禁用laravel中的csrf特定路由

本文介绍了禁用laravel中的csrf特定路由的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个付款系统,该系统将数据提交到第三方站点,然后将其拖回...

I've a payment system, where data is submitted to 3rd party site and than hauled back...

当数据返回时,它命中特定的网址,例如说/ok路线. $_REQUEST['transaction'].

When data returns it hits specific url lets say /ok route. $_REQUEST['transaction'].

但是由于laravel中间件,我遇到了令牌不匹配的问题.第三方支付API无法生成令牌,因此如何禁用它?只适合这条路线吗?

But because of laravel middleware I'm getting token mismatch. There is no way 3rd party payment API can generate token, so how I disable it? only for this route?

还是有更好的选择?

Route::get('/payment/ok',   'TransactionsController@Ok');
Route::get('/payment/fail', 'TransactionsController@Fail');

public function Ok( Request $request )
{
    $transId = $request->get('trans_id');

    if ( isset( $transId ) )
    {

        return $transId;

    }

}

推荐答案

自版本 5.1 起,Laravel的 VerifyCsrfToken 中间件允许指定路由,这些路由不包含在CSRF验证中.为此,您需要将路由添加到 App \ Http \ Middleware \ VerifyCsrfToken.php 类中的 $ except 数组中:

Since version 5.1 Laravel's VerifyCsrfToken middleware allows to specify routes, that are excluded from CSRF validation. In order to achieve that, you need to add the routes to $except array in your App\Http\Middleware\VerifyCsrfToken.php class:

<?php namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
  protected $except = [
    'payment/*',
  ];
}

有关详细信息,请参见文档.

See the docs for more information.

这篇关于禁用laravel中的csrf特定路由的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-03 17:20