问题
I am just starting out so please forgive me. I have a solid grasp on CodeIgniter, so I understand what is going on. However, I am noticing that my CSRF token is empty when I am creating a form. I am working through the laracasts videos to get a gasp on Laravel workflow.
myfile.blade.php
{!! Form::open((array('action' => 'MyController@method'))) !!}
...
{{!! Form::close() !!}}
Here is what I am getting when I view the source:
<form method="POST" action="http://mysite.dev/route" accept-charset="UTF-8">
<input name="_token" type="hidden">
</form>
I've looked through the config directory, but see nothing on having to enable csrf. Is there an additional setting somewhere I need to update?
Thank you for your suggestions.
EDIT
Even this gives me an empty hidden input field:
{{ Form::token() }} // <input name="_token" type="hidden">
EDIT
Here is what my controller looks like:
//use Illuminate\Http\Request;
use Request;
use App\Article;
use App\Http\Requests;
use App\Http\Controllers\Controller;
public function store(Request $request)
{
$input = Request::all();
return $input;
}
So my updated form tag looks like this:
{!! Form::open((array('action' => 'ArticleController@store'))) !!}
...
When I submit, I can see the json response - the token is obviously empty.
{"_token":"","title":"test","body":"test"}
回答1:
The Laravel Fundamental series is for Laravel 5.0 so you have a few options. You can install Laravel 5.0 to continue with that series. In order to install L5.0, you need to run this command:
composer create-project laravel/laravel {directory} "~5.0.0" --prefer-dist
If you want to use Laravel 5.2 though (which I would recommend and Jeffrey Way will most likely release a series on this soon), there are several extra things to take into consideration.
First, put all your routes inside a "web" middleware group like this:
Route::group(['middleware' => ['web']], function () {
// Put your routes inside here
});
In the past, there were several middlewares that ran on every request by default. In 5.2, this is no longer the case. For example, the token is stored in the session, but in 5.2, things like the "StartSession" middleware are not automatically applied. As a result, the "web" middleware need to be applied to your routes. The reason for this change in 5.2:
Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a
webgroup, and perhaps the rate limiter in theapigroup.
Also, in the Laravel Fundamental series, Jeffrey pulls in the "illuminate/html" package, but now, most people use the laravel collective package. They handle a lot of the Laravel packages that are taken out of the core. As a result, I would remove the "illuminate/html" package. In your composer.json file, remove "illuminate/html: 5.0" (or whatever is in the require section). Also, remove the corresponding service provider and form facades that you added to your config/app.php file.
To install the laravel collective version, add this in your composer.json file instead: "laravelcollective/html": "5.2.*-dev". Then, run composer update. Once that's done, in your config/app.php file, add this to your providers array:
Collective\Html\HtmlServiceProvider::class,
and add this to your aliases array:
'Form' => Collective\Html\FormFacade::class,
'Html' => Collective\Html\HtmlFacade::class,
I hope I'm not missing anything else.
回答2:
This is a config issue .You need to set the app key in your config file ...config/app.php to a 32 character string or use artisan cli php artisan key:generate to genearte the key for you to be able to use the CSRF token .
Also make sure that you include routes that use the CSRF token in the web group route .
You may exclude URIs by defining their routes outside of the web middleware group that is included in the default routes.php file, or by adding the URIs to the $except property of the VerifyCsrfToken middleware: http://laravel.com/docs/5.2/routing#csrf-protection
回答3:
If you have a login page and you want to clear out the session using:
Session::flush();
Don't forget that this also cleans out the csrf token before it can be put in the view
回答4:
It should be
{!! Form::open((array('action' => 'MyController@method'))) !!}
...
{!! Form::close() !!}
回答5:
I have solved the issue of HtmlService provider actually 5.2 version removed Illuminate and add collective follow the step to solve the issue:
composer require laravelcollective/htmlcomposer update- add in config/app.php
'providers' => ['Collective\Html\HtmlServiceProvider'],
'aliases' => [
'Form' => 'Collective\Html\FormFacade',
'Html' => 'Collective\Html\HtmlFacade',
],
Then you are able to use that form.
来源:https://stackoverflow.com/questions/34422751/why-is-my-csrf-token-empty-when-using-formopen