{"id":23081,"date":"2024-11-21T12:54:53","date_gmt":"2024-11-21T04:54:53","guid":{"rendered":"https:\/\/fwq.ai\/blog\/23081\/"},"modified":"2024-11-21T12:54:53","modified_gmt":"2024-11-21T04:54:53","slug":"laravel%e5%85%b3%e9%97%adtoken%e9%aa%8c%e8%af%81","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/23081\/","title":{"rendered":"laravel\u5173\u95edtoken\u9a8c\u8bc1"},"content":{"rendered":"

laravel\u662f\u4e00\u4e2a\u6d41\u884c\u7684php\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u5f88\u591a\u65b9\u4fbf\u7684\u529f\u80fd\u548c\u5de5\u5177\uff0c\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u5feb\u901f\u3001\u9ad8\u6548\u5730\u6784\u5efaweb\u5e94\u7528\u7a0b\u5e8f\u3002\u5176\u4e2d\u4e00\u4e2a\u91cd\u8981\u7684\u529f\u80fd\u662ftoken\u9a8c\u8bc1\uff0c\u5b83\u662f\u4e00\u79cd\u5b89\u5168\u673a\u5236\uff0c\u7528\u4e8e\u786e\u4fdd\u7528\u6237\u7684\u4fe1\u606f\u4e0d\u4f1a\u88ab\u975e\u6cd5\u8bbf\u95ee\u6216\u4fee\u6539\u3002\u4f46\u6709\u65f6\u5019\uff0c\u5f00\u53d1\u8005\u9700\u8981\u6682\u65f6\u5173\u95edtoken\u9a8c\u8bc1\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5728laravel\u4e2d\u5982\u4f55\u5173\u95edtoken\u9a8c\u8bc1\u3002<\/p>\n

\u4e00\u3001\u4e3a\u4ec0\u4e48\u5173\u95edToken\u9a8c\u8bc1\uff1f<\/p>\n

\u5728Laravel\u4e2d\uff0cToken\u9a8c\u8bc1\u662f\u9ed8\u8ba4\u5f00\u542f\u7684\u3002\u5f53\u7528\u6237\u901a\u8fc7Web\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u767b\u5f55\u6216\u6ce8\u518c\u65f6\uff0cLaravel\u4f1a\u81ea\u52a8\u751f\u6210\u4e00\u4e2aToken\uff0c\u7528\u4e8e\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\u548c\u9632\u6b62\u6076\u610f\u653b\u51fb\u3002\u8fd9\u53ef\u4ee5\u63d0\u9ad8Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\uff0c\u51cf\u5c11\u6f5c\u5728\u7684\u98ce\u9669\u3002<\/p>\n

\u4f46\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5f00\u53d1\u8005\u53ef\u80fd\u9700\u8981\u6682\u65f6\u5173\u95edToken\u9a8c\u8bc1\u3002\u4f8b\u5982\uff0c\u5f53\u5f00\u53d1\u4eba\u5458\u6b63\u5728\u8fdb\u884c\u6d4b\u8bd5\u6216\u8c03\u8bd5\u65f6\uff0c\u5173\u95edToken\u9a8c\u8bc1\u53ef\u4ee5\u52a0\u5feb\u5f00\u53d1\u901f\u5ea6\u548c\u6548\u7387\u3002\u6b64\u5916\uff0c\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u8c03\u7528\u7b2c\u4e09\u65b9API\u6216\u96c6\u6210\u5176\u4ed6\u7cfb\u7edf\u65f6\uff0c\u9700\u8981\u4e34\u65f6\u7981\u7528Token\u9a8c\u8bc1\u3002<\/p>\n

\u4e8c\u3001\u5982\u4f55\u5173\u95edToken\u9a8c\u8bc1\uff1f<\/p>\n

\u5728Laravel\u4e2d\uff0c\u5173\u95edToken\u9a8c\u8bc1\u53ef\u4ee5\u901a\u8fc7\u4e24\u79cd\u65b9\u5f0f\u5b9e\u73b0\u3002<\/p>\n

    \n
  1. \u5728\u4e2d\u95f4\u4ef6\u4e2d\u5173\u95edToken\u9a8c\u8bc1<\/li>\n<\/ol>\n

    \u4e2d\u95f4\u4ef6\u662fLaravel\u4e2d\u4e00\u4e2a\u975e\u5e38\u5f3a\u5927\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u7528\u4e8e\u5904\u7406HTTP\u8bf7\u6c42\u548c\u54cd\u5e94\u3002\u5728Laravel\u4e2d\uff0cToken\u9a8c\u8bc1\u662f\u5728\u4e2d\u95f4\u4ef6\u4e2d\u5b9e\u73b0\u7684\u3002\u56e0\u6b64\uff0c\u53ef\u4ee5\u5728\u4e2d\u95f4\u4ef6\u4e2d\u4fee\u6539Token\u9a8c\u8bc1\u7684\u884c\u4e3a\u3002<\/p>\n

    \u8981\u5173\u95edToken\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u7f16\u8f91AppHttpMiddlewareVerifyCsrfToken.php\u6587\u4ef6\uff0c\u5c06\u5176\u8f6c\u6362\u4e3a\u4ee5\u4e0b\u4ee3\u7801\uff1a<\/p>\n

    <?php namespace AppHttpMiddleware;\n\nuse IlluminateFoundationHttpMiddlewareVerifyCsrfToken as Middleware;\n\nclass VerifyCsrfToken extends Middleware\n{\n    \/**\n     * The URIs that should be excluded from CSRF verification.\n     *\n     * @var array\n     *\/\n    protected $except = [\n        \/\/\n    ];\n\n    \/**\n     * Determine if the session and input CSRF tokens match.\n     *\n     * @param  IlluminateHttpRequest  $request\n     * @return bool\n     *\/\n    protected function tokensMatch($request)\n    {\n        return true;\n    }\n}<\/pre>\n
      \u767b\u5f55\u540e\u590d\u5236   <\/p>\n
    \u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d\uff0c\u6211\u4eec\u901a\u8fc7\u8986\u76d6tokensMatch()\u51fd\u6570\u6765\u5173\u95edToken\u9a8c\u8bc1\u3002tokensMatch()\u51fd\u6570\u662f\u7528\u4e8e\u6bd4\u8f83\u8f93\u5165\u7684\u4ee4\u724c\u548cSession\u4e2d\u7684\u4ee4\u724c\u662f\u5426\u5339\u914d\u7684\u51fd\u6570\u3002\u901a\u8fc7\u8fd4\u56detrue\uff0c\u6211\u4eec\u7981\u7528\u4e86Token\u9a8c\u8bc1\u3002<\/p>\n
    \u8bf7\u6ce8\u610f\uff0c\u8fd9\u79cd\u65b9\u6cd5\u5e76\u4e0d\u662f\u5b8c\u5168\u5b89\u5168\u7684\u3002\u5173\u95edToken\u9a8c\u8bc1\u4f1a\u4f7f\u60a8\u7684Web\u5e94\u7528\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230CSRF\u653b\u51fb\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u53ea\u5efa\u8bae\u5728\u6d4b\u8bd5\u548c\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u4f7f\u7528\u3002<\/p>\n
      \n
    1. \u5728\u8def\u7531\u4e2d\u5173\u95edToken\u9a8c\u8bc1<\/li>\n<\/ol>\n
      \u53e6\u4e00\u79cd\u5173\u95edToken\u9a8c\u8bc1\u7684\u65b9\u6cd5\u662f\u5728\u8def\u7531\u4e2d\u4f7f\u7528withoutMiddleware()\u51fd\u6570\u3002\u8fd9\u4e2a\u51fd\u6570\u53ef\u4ee5\u5e2e\u52a9\u6211\u4eec\u8df3\u8fc7\u6307\u5b9a\u7684\u4e2d\u95f4\u4ef6\uff0c\u5305\u62ecToken\u9a8c\u8bc1\u4e2d\u95f4\u4ef6\u3002<\/p>\n
      \u8981\u4f7f\u7528withoutMiddleware()\u51fd\u6570\uff0c\u60a8\u9700\u8981\u901a\u8fc7\u8def\u7531\u8c03\u7528\u6307\u5b9a\u7684\u63a7\u5236\u5668\u548c\u51fd\u6570\u3002\u4f8b\u5982\uff1a<\/p>\n
      Route::get('\/example', 'ExampleController@exampleFunction')-&gt;withoutMiddleware(['auth', 'csrf']);<\/pre>\n
        \u767b\u5f55\u540e\u590d\u5236   <\/p>\n
      \u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d\uff0c\u6211\u4eec\u4f7f\u7528withoutMiddleware()\u51fd\u6570\u5c06Token\u9a8c\u8bc1\u4e2d\u95f4\u4ef6\u4ece\u8def\u7531\u4e2d\u5220\u9664\u3002\u8fd9\u5c06\u5141\u8bb8\u6211\u4eec\u4f7f\u7528\u4e0d\u5305\u542bToken\u7684HTTP\u8bf7\u6c42\u3002<\/p>\n
      \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u8fd9\u79cd\u65b9\u6cd5\u540c\u6837\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5efa\u8bae\u5728\u5fc5\u8981\u7684\u60c5\u51b5\u4e0b\u4f7f\u7528\u3002<\/p>\n
      \u4e09\u3001\u5f00\u542fToken\u9a8c\u8bc1<\/p>\n
      \u5728\u60a8\u5b8c\u6210\u6d4b\u8bd5\u6216\u7981\u7528Token\u9a8c\u8bc1\u7684\u64cd\u4f5c\u540e\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u5f00\u542fToken\u9a8c\u8bc1\uff0c\u786e\u4fdd\u60a8\u7684Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u540c\u6837\u7684\u65b9\u6cd5\u5f00\u542fToken\u9a8c\u8bc1\uff0c\u53ea\u9700\u8981\u5220\u9664\u4fee\u6539\u540e\u7684\u4ee3\u7801\u5373\u53ef\u3002<\/p>\n
      \u5728Laravel\u4e2d\uff0c\u542f\u7528Token\u9a8c\u8bc1\u975e\u5e38\u7b80\u5355\u3002\u53ea\u9700\u8981\u786e\u4fddVerifyCsrfToken\u4e2d\u95f4\u4ef6\u88ab\u6ce8\u518c\uff0c\u5e76\u4e14\u6ca1\u6709\u88ab\u7981\u7528\u5373\u53ef\u3002<\/p>\n
      <?php namespace AppHttp;\n\nuse IlluminateFoundationHttpKernel as HttpKernel;\n\nclass Kernel extends HttpKernel\n{\n    \/**\n     * The application's global HTTP middleware stack.\n     *\n     * @var array\n     *\/\n    protected $middleware = [\n        IlluminateFoundationHttpMiddlewareCheckForMaintenanceMode::class,\n        IlluminateFoundationHttpMiddlewareValidatePostSize::class,\n        AppHttpMiddlewareTrimStrings::class,\n        IlluminateFoundationHttpMiddlewareConvertEmptyStringsToNull::class,\n    ];\n\n    \/**\n     * The application's route middleware.\n     *\n     * @var array\n     *\/\n    protected $routeMiddleware = [\n        'auth' => AppHttpMiddlewareAuthenticate::class,\n        'auth.basic' =&gt; IlluminateAuthMiddlewareAuthenticateWithBasicAuth::class,\n        'bindings' =&gt; IlluminateRoutingMiddlewareSubstituteBindings::class,\n        'can' =&gt; IlluminateAuthMiddlewareAuthorize::class,\n        'guest' =&gt; AppHttpMiddlewareRedirectIfAuthenticated::class,\n        'signed' =&gt; IlluminateRoutingMiddlewareValidateSignature::class,\n        'throttle' =&gt; IlluminateRoutingMiddlewareThrottleRequests::class,\n        'verified' =&gt; IlluminateAuthMiddlewareEnsureEmailIsVerified::class,\n        'csrf' =&gt; AppHttpMiddlewareVerifyCsrfToken::class,\n    ];\n}<\/pre>\n
        \u767b\u5f55\u540e\u590d\u5236   <\/p>\n
      \u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230VerifyCsrfToken\u4e2d\u95f4\u4ef6\u88ab\u6ce8\u518c\u4e3a’csrf’\u4e2d\u95f4\u4ef6\uff0c\u8fd9\u610f\u5473\u7740\u5b83\u5c06\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5de5\u4f5c\u3002<\/p>\n
      \u56db\u3001\u7ed3\u8bba<\/p>\n
      Token\u9a8c\u8bc1\u662fLaravel\u4e2d\u4e00\u4e2a\u975e\u5e38\u91cd\u8981\u7684\u5b89\u5168\u673a\u5236\uff0c\u53ef\u4ee5\u9632\u6b62\u6076\u610f\u653b\u51fb\u548c\u4fdd\u62a4\u7528\u6237\u6570\u636e\u7684\u5b89\u5168\u3002\u4f46\u6709\u65f6\u5019\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u6682\u65f6\u7981\u7528Token\u9a8c\u8bc1\u6765\u52a0\u5feb\u5f00\u53d1\u901f\u5ea6\u548c\u6548\u7387\u3002\u672c\u6587\u4ecb\u7ecd\u4e86\u5982\u4f55\u5728Laravel\u4e2d\u5173\u95edToken\u9a8c\u8bc1\uff0c\u5e76\u63d0\u9192\u60a8\u5173\u95edToken\u9a8c\u8bc1\u4f1a\u4ea7\u751f\u7684\u53ef\u80fd\u7684\u5b89\u5168\u9690\u60a3\u3002\u6211\u4eec\u5efa\u8bae\u4ec5\u5728\u5f00\u53d1\u548c\u6d4b\u8bd5\u8fc7\u7a0b\u4e2d\u4f7f\u7528\u8be5\u529f\u80fd\u3002\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0c\u60a8\u5e94\u8be5\u4fdd\u6301Token\u9a8c\u8bc1\u7684\u5f00\u542f\u72b6\u6001\uff0c\u786e\u4fdd\u60a8\u7684Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u3002<\/p>\n
      \u4ee5\u4e0a\u5c31\u662flaravel\u5173\u95edtoken\u9a8c\u8bc1\u7684\u8be6\u7ec6\u5185\u5bb9\uff0c\u66f4\u591a\u8bf7\u5173\u6ce8\u7c73\u4e91\u5176\u5b83\u76f8\u5173\u6587\u7ae0\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
      laravel\u662f\u4e00\u4e2a\u6d41\u884c\u7684php\u6846\u67b6\uff0c\u5b83\u63d0\u4f9b\u4e86\u5f88\u591a\u65b9\u4fbf\u7684\u529f\u80fd\u548c\u5de5\u5177\uff0c\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u5feb\u901f\u3001\u9ad8\u6548\u5730\u6784\u5efaweb\u5e94\u7528\u7a0b\u5e8f\u3002\u5176\u4e2d\u4e00\u4e2a\u91cd\u8981\u7684\u529f\u80fd\u662ftoken\u9a8c\u8bc1\uff0c\u5b83\u662f\u4e00\u79cd\u5b89\u5168\u673a\u5236\uff0c\u7528\u4e8e\u786e\u4fdd\u7528\u6237\u7684\u4fe1\u606f\u4e0d\u4f1a\u88ab\u975e\u6cd5\u8bbf\u95ee\u6216\u4fee\u6539\u3002\u4f46\u6709\u65f6\u5019\uff0c\u5f00\u53d1\u8005\u9700\u8981\u6682\u65f6\u5173\u95edtoken\u9a8c\u8bc1\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5728laravel\u4e2d\u5982\u4f55\u5173\u95edtoken\u9a8c\u8bc1\u3002 \u4e00\u3001\u4e3a\u4ec0\u4e48\u5173\u95edToken\u9a8c\u8bc1\uff1f \u5728Laravel\u4e2d\uff0cToken\u9a8c\u8bc1\u662f\u9ed8\u8ba4\u5f00\u542f\u7684\u3002\u5f53\u7528\u6237\u901a\u8fc7Web\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u767b\u5f55\u6216\u6ce8\u518c\u65f6\uff0cLaravel\u4f1a\u81ea\u52a8\u751f\u6210\u4e00\u4e2aToken\uff0c\u7528\u4e8e\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\u548c\u9632\u6b62\u6076\u610f\u653b\u51fb\u3002\u8fd9\u53ef\u4ee5\u63d0\u9ad8Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\uff0c\u51cf\u5c11\u6f5c\u5728\u7684\u98ce\u9669\u3002 \u4f46\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5f00\u53d1\u8005\u53ef\u80fd\u9700\u8981\u6682\u65f6\u5173\u95edToken\u9a8c\u8bc1\u3002\u4f8b\u5982\uff0c\u5f53\u5f00\u53d1\u4eba\u5458\u6b63\u5728\u8fdb\u884c\u6d4b\u8bd5\u6216\u8c03\u8bd5\u65f6\uff0c\u5173\u95edToken\u9a8c\u8bc1\u53ef\u4ee5\u52a0\u5feb\u5f00\u53d1\u901f\u5ea6\u548c\u6548\u7387\u3002\u6b64\u5916\uff0c\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u8c03\u7528\u7b2c\u4e09\u65b9API\u6216\u96c6\u6210\u5176\u4ed6\u7cfb\u7edf\u65f6\uff0c\u9700\u8981\u4e34\u65f6\u7981\u7528Token\u9a8c\u8bc1\u3002 \u4e8c\u3001\u5982\u4f55\u5173\u95edToken\u9a8c\u8bc1\uff1f \u5728Laravel\u4e2d\uff0c\u5173\u95edToken\u9a8c\u8bc1\u53ef\u4ee5\u901a\u8fc7\u4e24\u79cd\u65b9\u5f0f\u5b9e\u73b0\u3002 \u5728\u4e2d\u95f4\u4ef6\u4e2d\u5173\u95edToken\u9a8c\u8bc1 \u4e2d\u95f4\u4ef6\u662fLaravel\u4e2d\u4e00\u4e2a\u975e\u5e38\u5f3a\u5927\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u7528\u4e8e\u5904\u7406HTTP\u8bf7\u6c42\u548c\u54cd\u5e94\u3002\u5728Laravel\u4e2d\uff0cToken\u9a8c\u8bc1\u662f\u5728\u4e2d\u95f4\u4ef6\u4e2d\u5b9e\u73b0\u7684\u3002\u56e0\u6b64\uff0c\u53ef\u4ee5\u5728\u4e2d\u95f4\u4ef6\u4e2d\u4fee\u6539Token\u9a8c\u8bc1\u7684\u884c\u4e3a\u3002 \u8981\u5173\u95edToken\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u7f16\u8f91AppHttpMiddlewareVerifyCsrfToken.php\u6587\u4ef6\uff0c\u5c06\u5176\u8f6c\u6362\u4e3a\u4ee5\u4e0b\u4ee3\u7801\uff1a <?php namespace AppHttpMiddleware; use IlluminateFoundationHttpMiddlewareVerifyCsrfToken as Middleware; class VerifyCsrfToken extends Middleware { \/** * The URIs that should be excluded from CSRF verification. * * @var array *\/ protected $except = [ \/\/ ]; \/** * Determine if the session and input CSRF tokens match. * […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-23081","post","type-post","status-publish","format-standard","hentry","category-16"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/23081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=23081"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/23081\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=23081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=23081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=23081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}