问题描述

我正在使用 Laravel 5 开发应用程序.我的应用程序与 VendHQ API 连接，我打算通过他们的 webhook 从 VendHQ 获取一些数据.根据他们的文档

I am using Laravel 5 for developing an app. My app is connected with VendHQ API and I am intended to get some data from VendHQ through their webhook. As per their Documentation

当一个事件发生并触发一个 webhook 时，我们将发送一个 POST请求到您选择的 URL.POST 请求将在UTF-8 字符集和 application/x-www-form-urlencoded 编码.

When an event happens and triggers a webhook, we’ll send a POST request to a URL of your choosing. The POST request will be in the UTF-8 charset, and application/x-www-form-urlencoded encoding.

问题是，当他们尝试向我的 Laravel 应用程序发送 POST 请求时，他们的发布请求中没有添加 CSRF 令牌，并且 VerifyCsrfToken 中间件正在寻找令牌，最后它抛出一个 <代码>TokenMismatchException.

The problem is, when they try to send a POST request to my Laravel app, no CSRF Token is added in their post request and VerifyCsrfToken middleware is looking for a token and finally it throws a TokenMismatchException.

我的问题是，如何在保持其他发布请求处于活动状态的同时避免某些特定路由的默认 VerifyCsrfToken 中间件?

My question is, how can I avoid this default VerifyCsrfToken Middleware for some specific routes while keeping other post requests active?

推荐答案

Laravel 5 中所有路由默认开启 CSRF，你可以通过修改 app/Http/Middleware/VerifyCsrfToken.php 为特定路由禁用它

CSRF is enabled by default on all Routes in Laravel 5, you can disable it for specific routes by modifying app/Http/Middleware/VerifyCsrfToken.php

//app/Http/Middleware/VerifyCsrfToken.php

//add an array of Routes to skip CSRF check
private $openRoutes = ['free/route', 'free/too'];

//modify this function
public function handle($request, Closure $next)
    {
        //add this condition 
    foreach($this->openRoutes as $route) {

      if ($request->is($route)) {
        return $next($request);
      }
    }

    return parent::handle($request, $next);
  }

来源

这篇关于在 Laravel 5 中，如何禁用特定路由的 VerifycsrfToken 中间件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！