问题
How i Can add or somethink do with csrftoken when paypal send post on my website. My error code: TokenMismatchException in VerifyCsrfToken.php line 53.
Here code:
public function getPaypal(Request $request)
{
$uri = $request->all();
if(isset($uri['tx']))
{
$pp_hostname = "www.sandbox.paypal.com"; // Change to www.sandbox.paypal.com to test against sandbox
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-synch';
$tx_token = $uri['tx'];
$auth_token = "EHNebv....e";
$req .= "&tx=$tx_token&at=$auth_token";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://$pp_hostname/cgi-bin/webscr");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
//set cacert.pem verisign certificate path in curl using 'CURLOPT_CAINFO' field here,
//if your server does not bundled with default verisign certificates.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Host: $pp_hostname"));
$res = curl_exec($ch);
curl_close($ch);
}
回答1:
You don't need to completely disable the middleware just go to VerifyCrsfToken file in app\Http\Middle then edit the protected array $except and include and entry of the route paypal is posting to.
protected $except = [
/paypal/data,
];
回答2:
According to Laravel Docs: http://laravel.com/docs/5.1/routing#csrf-protection.
Excluding URIs From CSRF Protection
Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your webhook handler route from Laravel's CSRF protection.
You may exclude URIs by adding them to the $except property of the VerifyCsrfToken middleware:
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'paypal/*',
];
}
Let me know if it is still not clear.
回答3:
TokenMismatchException is a Laravel error, not PayPal. With every POST request, you need to send a _token value through with it.
If you are sending this through a form, simply echo csrf_field() into your form template.
If you are sending the request from something other than Laravel, you can disable the CSRF protection on that route. Read more about Middleware here: http://laravel.com/docs/5.1/middleware
Read more about it here: http://laravel.com/docs/5.1/routing#csrf-protection
来源:https://stackoverflow.com/questions/32762630/laravel-5-1-csrftoken-curl-from-paypal