ddw*_*147 7 php android json csrf laravel
我倾斜laravel框架,我已经安装了5.0版本.我将它用于json api服务,它将在调用某些路由后给出JSON输出.如果我从浏览器中获取URL,它的效果非常好.但是当我尝试从我的Android应用程序访问时,它会给出错误,即文件未找到异常(java.io.filenotfoundexception).检查日志后我得到了laravel有Token Mismatch Exception错误的点.laravel需要csrf令牌来访问它的资源.我有选择,我可以禁用该身份验证,但它似乎不太安全.
我可以以某种方式允许从我的Android应用程序访问laravel应用程序而不是从其他应用程序?我们可以从Android应用程序指定csrf键吗?
Ben*_*aar 12
如果您不想禁用CSRF令牌,则需要在一个请求中检索CSRF,然后将检索到的令牌与POST请求一起传递.
// Create a new HttpClient and Post Header
HttpClient httpclient = new DefaultHttpClient();
// Get the CSRF token
httpClient.execute(new HttpGet("http://www.yoursite.com/"));
CookieStore cookieStore = httpClient.getCookieStore();
List <Cookie> cookies = cookieStore.getCookies();
for (Cookie cookie: cookies) {
if (cookie.getName().equals("XSRF-TOKEN")) {
CSRFTOKEN = cookie.getValue();
}
}
// Access POST route using CSRFTOKEN
HttpPost httppost = new HttpPost("http://www.yoursite.com/your-post-route");
try {
// Add your data
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
nameValuePairs.add(new BasicNameValuePair("_token", CSRFTOKEN));
nameValuePairs.add(new BasicNameValuePair("stringdata", "Hello!"));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
// Execute HTTP Post Request
HttpResponse response = httpclient.execute(httppost);
} catch (ClientProtocolException e) {
// TODO Auto-generated catch block
} catch (IOException e) {
// TODO Auto-generated catch block
}