laravel ajax token,php - Laravel csrf token mismatch for ajax POST Request - Stack Overflow

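This blog post introduces the setup and use of X-XSRF-TOKEN, which the Laravel framework uses to prevent cross-site request forgery (CSRF). It covers how frameworks such as Angular set this cookie by default, and how to use the token by setting AJAX request headers in JavaScript. It also points to Laravel's CSRF protection documentation, gives the recommended way of reading the token from a meta tag, and shows sample code for setting the CSRF token in axios.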


Know that there is an X-XSRF-TOKEN cookie that is set for convenience. Frameworks like Angular and others set it by default. Check this in the doc: https://laravel.com/docs/5.7/csrf#csrf-x-xsrf-token

You may like to use it.

The best way is to use the meta tag, in case cookies are deactivated.

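    // Read the raw cookie first: decodeURIComponent(null) returns the string "null",
    // which is truthy and would defeat the check below.
    var rawToken = readCookie('XSRF-TOKEN');
    var xsrfToken = rawToken ? decodeURIComponent(rawToken) : null;

    if (xsrfToken) {
        $.ajaxSetup({
            headers: {
                'X-XSRF-TOKEN': xsrfToken
            }
        });
    } else console.error('....');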

Here is the recommended meta way (you can put the field any way, but meta is quite nice):

    $.ajaxSetup({
        headers: {
            'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        }
    });

Note the use of decodeURIComponent(): it decodes from the URI format which is used to store the cookie (otherwise you will get an invalid payload exception in Laravel).

Here is the section about the CSRF cookie in the doc to check:

https://laravel.com/docs/5.7/csrf#csrf-x-csrf-token

Also, here is how Laravel (bootstrap.js) is setting it for axios by default:

    let token = document.head.querySelector('meta[name="csrf-token"]');

    if (token) {
        window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
    } else {
        console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
    }

You can go check resources/js/bootstrap.js.

And here is the read cookie function:

    function readCookie(name) {
        var nameEQ = name + "=";
        var ca = document.cookie.split(';');
        for (var i = 0; i < ca.length; i++) {
            var c = ca[i];
            while (c.charAt(0) == ' ') c = c.substring(1, c.length);
            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
        }
        return null;
    }
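The two token sources described above combined into one helper, as an added example that is not part of the original answer or of Laravel's code. It goes one step beyond the answer by attaching the header only to same-origin requests, since headers set globally with $.ajaxSetup are sent on every request, including ones to other origins. The names readCookieFrom, csrfHeadersFor and csrfFetch are hypothetical.

```javascript
// Added example: pick the CSRF header that matches the token source.
// Helper names are hypothetical, not part of Laravel or jQuery.
function readCookieFrom(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const c = part.trim();
    if (c.startsWith(name + '=')) return c.slice(name.length + 1);
  }
  return null;
}

// Returns the headers to merge into a request, or {} for cross-origin targets.
function csrfHeadersFor(url, pageOrigin, metaToken, cookieString) {
  // Resolve relative URLs against the page and never send the token elsewhere.
  if (new URL(url, pageOrigin).origin !== pageOrigin) return {};

  // Meta tag value: plain token, sent as-is in X-CSRF-TOKEN.
  if (metaToken) return { 'X-CSRF-TOKEN': metaToken };

  // Cookie fallback: test for null BEFORE decoding, because
  // decodeURIComponent(null) yields the truthy string "null".
  const raw = readCookieFrom(cookieString || '', 'XSRF-TOKEN');
  if (raw) return { 'X-XSRF-TOKEN': decodeURIComponent(raw) };

  throw new Error('CSRF token not found in meta tag or XSRF-TOKEN cookie');
}

// Browser wiring; assumes the page carries <meta name="csrf-token" content="...">.
function csrfFetch(url, options = {}) {
  const meta = document.head.querySelector('meta[name="csrf-token"]');
  const headers = csrfHeadersFor(
    url,
    window.location.origin,
    meta ? meta.content : null,
    document.cookie
  );
  return fetch(url, { ...options, headers: { ...options.headers, ...headers } });
}
```
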
