31 php laravel laravel-5 laravel-5.1
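I have a payment system where data is submitted to a third-party site and then hauled back...
When the data returns, it hits a specific URL, let's say the /ok route. $_REQUEST['transaction'].
But because of the Laravel middleware, I get a token mismatch. The third-party payment API cannot generate a token, so how do I disable it? Only for this route?
Or is there a better option?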
Route::get('/payment/ok', 'TransactionsController@Ok');
Route::get('/payment/fail', 'TransactionsController@Fail');
public function Ok( Request $request )
{
    $transId = $request->get('trans_id');
    if ( isset( $transId ) )
    {
        return $transId;
    }
}
jed*_*ylo 86
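Since version 5.1, Laravel's VerifyCsrfToken middleware allows you to specify routes that are excluded from CSRF validation. To achieve this, you need to add the routes to the $except array in your App\Http\Middleware\VerifyCsrfToken.php class: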
<?php namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    protected $except = [
        'payment/*',
    ];
}
See the documentation for more information.
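As an added illustration (not part of the answer above and not Laravel's own source), this standalone PHP script mirrors how `$except` wildcard patterns are matched, to show which requests `'payment/*'` exempts from the token check compared with listing the two callback paths explicitly. The `payment/refund` and `payment/cards/1/delete` paths are hypothetical, and all sample requests are constructed.

```php
<?php
// Added example. Assumption: this re-implements the framework's matching rules
// ('*' matches any run of characters, including '/'); it is not Laravel code.

function matchesExcept(string $pattern, string $path): bool
{
    // Patterns and paths are compared without leading or trailing slashes.
    $pattern = $pattern === '/' ? '/' : trim($pattern, '/');
    $path = trim($path, '/');
    if ($path === '') {
        $path = '/';
    }
    if ($pattern === $path) {
        return true;
    }
    // Escape the pattern, then turn the escaped '*' back into a wildcard.
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

function csrfTokenRequired(string $method, string $path, array $except): bool
{
    // Read-only methods are never token-checked by the CSRF middleware.
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return false;
    }
    foreach ($except as $pattern) {
        if (matchesExcept($pattern, $path)) {
            return false;
        }
    }
    return true;
}

$wildcard = ['payment/*'];                  // pattern from the answer
$explicit = ['payment/ok', 'payment/fail']; // only the two callback paths
$requests = [                               // constructed sample requests
    ['GET',  'payment/ok'],
    ['POST', 'payment/ok'],
    ['POST', 'payment/fail'],
    ['POST', 'payment/refund'],             // hypothetical route
    ['POST', 'payment/cards/1/delete'],     // hypothetical route
    ['POST', 'payments'],
];
printf("%-6s %-26s %-12s %s\n", 'method', 'path', "'payment/*'", 'explicit list');
foreach ($requests as [$method, $path]) {
    $w = csrfTokenRequired($method, $path, $wildcard) ? 'checked' : 'exempt';
    $e = csrfTokenRequired($method, $path, $explicit) ? 'checked' : 'exempt';
    printf("%-6s %-26s %-12s %s\n", $method, $path, $w, $e);
}
```

Every state-changing route later added under `payment/` inherits the wildcard exemption, while the explicit list keeps the exemption limited to the two callback paths.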
Get*_*toX 11
Since Laravel 7.7 you can use the withoutMiddleware method, e.g.:
Route::get('/payment/ok', 'TransactionsController@Ok')
    ->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class]);

Route::get('/payment/fail', 'TransactionsController@Fail')
    ->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class]);
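The technique described by @jedrzej.kurylo works well for excluding one or two pages.
If you need to exclude a large number of pages from CSRF validation, here is a different technique that is more future-proof.
You can segment your routes and apply different middleware to each segment. So you can put your payment routes into a separate route group and not apply VerifyCsrfToken to them. Here is how.
You will notice that your routes directory contains the following tree:
routes/
routes/api.php
routes/web.php
Create a new file here, routes/payment.php, and add the routes above to it: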
<?php
use Illuminate\Support\Facades\Route;
Route::get('/payment/ok', 'TransactionsController@Ok');
Route::get('/payment/fail', 'TransactionsController@Fail');
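In Laravel, routes are processed by app\Providers\RouteServiceProvider.php. You will notice these functions: map() and mapWebRoutes(). Add to this file accordingly (I have excluded the stock comments for brevity).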
public function map()
{
    $this->mapApiRoutes();
    $this->mapWebRoutes();
    $this->mapPaymentRoutes(); // <---- add this line
}

protected function mapWebRoutes()
{
    Route::middleware('web')
        ->namespace($this->namespace)
        ->group(base_path('routes/web.php'));
}

protected function mapPaymentRoutes() // <--- Add this method
{
    Route::middleware('payment') // <--- this line is important
        ->namespace($this->namespace)
        ->group(base_path('routes/payment.php'));
}
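Note that we have added a new middleware layer. This is important for the next step.
The middleware for route groups is defined in App\Http\Kernel.php.
Update the $middlewareGroups property and add a middleware entry for 'payment'. It can be exactly the same as web, but without the VerifyCsrfToken line.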
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\NoClickjack::class,
        \App\Http\Middleware\SecureReferrerPolicy::class,
        \App\Http\Middleware\NoXssScripting::class,
    ],

    // ********** Add this *******************
    'payment' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        // This is the line you want to comment-out / remove
        // \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\NoClickjack::class,
        \App\Http\Middleware\SecureReferrerPolicy::class,
        \App\Http\Middleware\NoXssScripting::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];
Now, whenever you add new routes that need to be excluded from the CSRF token check, add them to the routes/payment.php file.