Fix CSRF verification
This commit is contained in:
parent
be6a2fe873
commit
53435e27b4
|
|
@ -5,6 +5,7 @@ namespace App\Exceptions;
|
|||
use Exception;
|
||||
use Illuminate\Http\Response;
|
||||
use App\Exceptions\PrettyPageException;
|
||||
use Illuminate\Session\TokenMismatchException;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Illuminate\Foundation\Validation\ValidationException;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
|
|
@ -22,6 +23,7 @@ class Handler extends ExceptionHandler
|
|||
protected $dontReport = [
|
||||
HttpException::class,
|
||||
ModelNotFoundException::class,
|
||||
TokenMismatchException::class,
|
||||
ValidationException::class,
|
||||
PrettyPageException::class,
|
||||
MethodNotAllowedHttpException::class,
|
||||
|
|
@ -52,7 +54,11 @@ class Handler extends ExceptionHandler
|
|||
}
|
||||
|
||||
if ($e instanceof MethodNotAllowedHttpException) {
|
||||
abort(403, 'Method not allowed.');
|
||||
abort(403, trans('errors.http.method-not-allowed'));
|
||||
}
|
||||
|
||||
if ($e instanceof TokenMismatchException) {
|
||||
return json(trans('errors.http.csrf-token-mismatch'), 1);
|
||||
}
|
||||
|
||||
if ($e instanceof PrettyPageException) {
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ class Kernel extends HttpKernel
|
|||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
\App\Http\Middleware\AfterSessionBooted::class,
|
||||
\App\Http\Middleware\DetectLanguagePrefer::class,
|
||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||
],
|
||||
|
||||
'static' => [],
|
||||
|
|
|
|||
17
app/Http/Middleware/VerifyCsrfToken.php
Normal file
17
app/Http/Middleware/VerifyCsrfToken.php
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
|
||||
|
||||
class VerifyCsrfToken extends BaseVerifier
|
||||
{
|
||||
/**
|
||||
* The URIs that should be excluded from CSRF verification.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected $except = [
|
||||
'setup/*'
|
||||
];
|
||||
}
|
||||
|
|
@ -9,6 +9,12 @@ console.log(
|
|||
'font-style:italic;', ''
|
||||
);
|
||||
|
||||
$.ajaxSetup({
|
||||
headers: {
|
||||
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* Check if given value is empty.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@ http:
|
|||
msg-404: Nothing here.
|
||||
msg-500: Please try again later.
|
||||
msg-503: The application is now in maintenance mode.
|
||||
method-not-allowed: Method not allowed.
|
||||
csrf-token-mismatch: Token does not match, try reloading the page.
|
||||
|
||||
general:
|
||||
title: Error occurred
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@ http:
|
|||
msg-404: 这里啥都没有哦
|
||||
msg-500: 内部服务器错误,请稍后再试
|
||||
msg-503: 网站维护中
|
||||
method-not-allowed: 不允许的 HTTP 请求方法
|
||||
csrf-token-mismatch: Token 不正确,请尝试刷新页面
|
||||
|
||||
general:
|
||||
title: 出现错误
|
||||
|
|
|
|||
|
|
@ -6,7 +6,8 @@
|
|||
<title>@yield('title') - {{ option_localized('site_name') }}</title>
|
||||
{!! bs_favicon() !!}
|
||||
<!-- Tell the browser to be responsive to screen width -->
|
||||
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
|
||||
<meta name="csrf-token" content="{{ csrf_token() }}">
|
||||
<!-- App Styles -->
|
||||
@include('common.dependencies.style', ['module' => 'admin'])
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,8 @@
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<title>@yield('title') - {{ option_localized('site_name') }}</title>
|
||||
{!! bs_favicon() !!}
|
||||
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
|
||||
<meta name="csrf-token" content="{{ csrf_token() }}">
|
||||
<!-- App Styles -->
|
||||
@include('common.dependencies.style', ['module' => 'auth'])
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,8 @@
|
|||
<title>@yield('title') - {{ option_localized('site_name') }}</title>
|
||||
{!! bs_favicon() !!}
|
||||
<!-- Tell the browser to be responsive to screen width -->
|
||||
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
|
||||
<meta name="csrf-token" content="{{ csrf_token() }}">
|
||||
<!-- App Styles -->
|
||||
@include('common.dependencies.style', ['module' => 'skinlib'])
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,8 @@
|
|||
<title>@yield('title') - {{ option_localized('site_name') }}</title>
|
||||
{!! bs_favicon() !!}
|
||||
<!-- Tell the browser to be responsive to screen width -->
|
||||
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
|
||||
<meta name="csrf-token" content="{{ csrf_token() }}">
|
||||
<!-- App Styles -->
|
||||
@include('common.dependencies.style', ['module' => 'user'])
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user