React Fetch 到 Laravel API 创建新会话

php问题 得得之家
React Fetch to Laravel API Creates New Session(React Fetch 到 Laravel API 创建新会话)
本文介绍了React Fetch 到 Laravel API 创建新会话的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

My app is using React on the front end and Laravel 5.4 on the backend. I'm using fetch() to request data from the backend. The problem is that two sessions are created when the page loads. A TokenMismatchException is thrown by the CSRF Middleware when a POST request is made because the token that is sent matches the first session that is created, but it checks against the second.

I'm setting the token in app.blade.php

<meta name="_token" content="{{ csrf_token() }}">

And grabbing the token in the fetch config

fetchConfig = {
    headers:  {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'X-CSRF-TOKEN': $('meta[name="_token"]').attr('content')
    },
    credentials: 'same-origin'
}}

Here are the decrypted sessions:

a:3:{s:6:"_token";s:40:"7obvOzPaqqJDtVdij8RaqrvmTFLjKA2qnvYMxry6";s:9:"_previous";a:1:{s:3:"url";s:24:"http://localhost/page";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}

a:3:{s:6:"_token";s:40:"5Aiws9Qy72YzlkfWX81zkhzrSeiMDYjFWiLeDAwN";s:9:"_previous";a:1:{s:3:"url";s:41:"http://localhost/api/page";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}

Request URL: http://localhost/page

API URL: http://localhost/api/page

How can I prevent a new session from being created when the React app makes its initial GET request?

解决方案

Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application. : https://laravel.com/docs/5.4/csrf

APIs are stateless. There is nothing like session in APIs. So you shouldn't use CSRF token in API. If you check Kernel.php of laravel. You will see Tylor didn't add VerifyCsrf middleware in API group. Which suggest that CSRF is only used in the request having session i.e, stateful request. I would recommend you to use JWT based authentication system for API. For more about JWT check here.

You can use this laravel package for JWT : https://github.com/tymondesigns/jwt-auth

这篇关于React Fetch 到 Laravel API 创建新会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

将JSON整数和浮点数转换为字符串
Convert JSON integers and floats to strings(将JSON整数和浮点数转换为字符串)
在php中,如何使用preg替换将URL转换为TinyURL
in php how do I use preg replace to turn a url into a tinyurl(在php中,如何使用preg替换将URL转换为TinyURL)
ICS日历文件的全天约会不起作用
all day appointment for ics calendar file wont work(ICS日历文件的全天约会不起作用)
Trim函数提供了意外的值php
trim function is giving unexpected values php(Trim函数提供了意外的值php)
到MySQL的基本PDO连接
Basic PDO connection to MySQL(到MySQL的基本PDO连接)
Php number_Format返回1.00
PHP number_format returns 1.00(Php number_Format返回1.00)
前端问题php问题Java问题Python问题C/C++问题C#/.NET问题移动开发问题数据库问题
html vue validate adobe dreamweaver hbuilder vscode aptana editor dedecms ckeditor 编辑器 过滤 规则 织梦 图片本地化 模板 缩略图 图集 图片删除 ajax 瀑布流 无限下拉 cms 判断 sql 清除 tag 文档数 angularjs2 按钮 切换效果 vue3 thinkphp yii2 css 项目列表 li go Beego Buffalo Echo Gin Iris Revel 百度云 虚拟主机 pbootcms 伪静态 框架 排序 数据库 对象 字段 sql语句 php 字符串 分割 D3.js bootstrap 函数 svg selectAll 织梦cms 关键词 解析 采集 长度限制 日期 正则表达式