我有一份工作表:
{!! Form::open() !!}
<div class="form-group">
<label for="name">Name</label>
<input type="text" class="form-control" id="name" placeholder="Name">
</div>
<div class="form-group">
<label for="division">Division</label>
<input type="text" class="form-control" id="division" placeholder="Division">
</div>
{!! Form::submit('send', array('class'=>'btn btn-success pull-right')) !!}
{!! Form::close() !!}
这可以作为提交和存储输入的独立页面.现在我需要将它放在iframe中,以便可以从其他网站调用它.当我这样做时:
<iframe src="http://1.1.1.1/register_user" style="width:600px;height:500px;"></iframe>
表单显示但是当用户提交时,他们会得到以下内容:
TokenMismatchException in VerifyCsrfToken.php line 53:
1. in VerifyCsrfToken.php line 53
2. at VerifyCsrfToken->handle(object(Request), object(Closure))
3. at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
4. at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in ShareErrorsFromSession.php line 54
5. at ShareErrorsFromSession->handle(object(Request), object(Closure))
6. at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
7. at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 62
8. at StartSession->handle(object(Request), object(Closure))
9. at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
10. at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
11. at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
12. at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
13. at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 59
14. at EncryptCookies->handle(object(Request), object(Closure))
15. at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
16. at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
17. at CheckForMaintenanceMode->handle(object(Request), object(Closure))
18. at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
19. at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
20. at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
21. at Pipeline->then(object(Closure)) in Kernel.php line 122
22. at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 87
23. at Kernel->handle(object(Request)) in index.php line 54
这是我在日志中看到的:
[2015-08-10 00:52:21] production.ERROR: exception
'Illuminate\Session\TokenMismatchException' in /home/forge/default/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:53
Stack trace:
#0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure))
#1 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#2 /home/forge/default/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(54): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#3 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#4 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#5 /home/forge/default/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#6 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#7 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#8 /home/forge/default/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#9 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))
#10 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#11 /home/forge/default/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#12 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))
#13 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#14 /home/forge/default/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(42): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#15 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
#16 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#18 /home/forge/default/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#19 /home/forge/default/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(122): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#20 /home/forge/default/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(87): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
#21 /home/forge/default/public/index.php(54): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
#22 {main}
我做错了什么导致iframe不匹配,我该如何解决?
Laravel 5 启用了一个全局中间件调用VeryifyCsrfToken,它检查所有POST请求以获取令牌以应用跨站点请求伪造保护.
跨站点请求伪造是一种恶意利用,其中代表经过身份验证的用户执行未经授权的命令.
允许用户从不同域上的iframe提交表单正是Laravels CSRF保护试图阻止的事情.
有一种方法可以禁用某些URL的CSRF验证.您可以向$except阵列添加新项目,以从CSRF验证中排除该URL.
HTTP /中间件/ VerifyCsrfToken.php
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'your/uri'
];
}