1. 技术文章
  2. Post to Laravel 5 from 3rd party API

Post to Laravel 5 from 3rd party API

我与影子孤独终老i 提交于 2019-12-11 05:23:17

问题


I'm using Laravel 5 to build a basic app.

I'm using a third party SMS gateway which takes an SMS and POST the results to my app. I'm testing it locally using Postman for Chrome, and Requestb.in

My Problem: When I try to POST to my app, I get a "whoops" error from Laravel, status code 405.

My Hunch: I have a feeling this is because of default CSRF failing. The request is coming from outside of my app's ecosystem.

In my routes I have:

Route::post('/sms/', 'SMSController@create');

SMSController: 

public function create(Request $request)
    {
       //keeping it simple for now
        return view('hello');
    }

Question: Is this the problem, and if so, how do I disable CSRF from one route only.

Many thanks!


回答1:


You could change handle method in app/Http/Middleware/VerifyCsrfToken.php to do so. 

class VerifyCsrfToken extends BaseVerifier {

    protected $excludes = [ // Route patterns
        'sms',
        'sms/*'
    ];

    public function handle($request, Closure $next)
    {
        foreach ($this->excludes as $pattern) 
        {
            if ($request->is($pattern)) 
            {
                return $next($request);
            }
        }

        return parent::handle($request, $next);
    }

Update

According to Laravel Documentation, from Laravel 5.1+ you are able to define the URIs that should be excluded from CSRF verification by adding them to the $except property of the VerifyCsrfToken middleware.

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    protected $except = [
        'sms/*',
    ];



回答2:


I just realized that L5 now has exclusion lists as a feature:

<?php namespace APPNAMESPACE\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
          'example1',
          'example2/example3',
    ];
}



回答3:


Should be getting a token mismatch error, unfortunately CSRF is baked in - here is a way to extend the middleware and add an exclusion list:

https://laracasts.com/discuss/channels/general-discussion/l5-disable-csrf-middleware-on-certain-routes




回答4:


After trying different option like you all, my search ceased when I found the simple and short code to pass all the api/* calls in the app/Http/Middleware/VerifyCsrfToken.php just replace this code,

public function handle($request, Closure $next)
{   
    if( ! $request->is('api/*')){
        return parent::handle($request, $next); 
    }

    return $next($request);
}

It works like charm in Laravel 5. Although, the new laravel 5.1 this could be done with this code,

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        //
    ];
}

This can be found here Laravel VerifyCsrfToken.php



来源:https://stackoverflow.com/questions/30265905/post-to-laravel-5-from-3rd-party-api

标签
laravel
laravel-5
laravel-routing
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!