Fix CSRF verification

This commit is contained in:
printempw 2018-08-14 20:52:41 +08:00
parent be6a2fe873
commit 53435e27b4
10 changed files with 43 additions and 5 deletions

View File

@ -5,6 +5,7 @@ namespace App\Exceptions;
use Exception;
use Illuminate\Http\Response;
use App\Exceptions\PrettyPageException;
use Illuminate\Session\TokenMismatchException;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Foundation\Validation\ValidationException;
use Symfony\Component\HttpKernel\Exception\HttpException;
@ -22,6 +23,7 @@ class Handler extends ExceptionHandler
protected $dontReport = [
HttpException::class,
ModelNotFoundException::class,
TokenMismatchException::class,
ValidationException::class,
PrettyPageException::class,
MethodNotAllowedHttpException::class,
@ -52,7 +54,11 @@ class Handler extends ExceptionHandler
}
if ($e instanceof MethodNotAllowedHttpException) {
abort(403, 'Method not allowed.');
abort(403, trans('errors.http.method-not-allowed'));
}
if ($e instanceof TokenMismatchException) {
return json(trans('errors.http.csrf-token-mismatch'), 1);
}
if ($e instanceof PrettyPageException) {

View File

@ -31,6 +31,7 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\AfterSessionBooted::class,
\App\Http\Middleware\DetectLanguagePrefer::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'static' => [],

View File

@ -0,0 +1,17 @@
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'setup/*'
];
}

View File

@ -9,6 +9,12 @@ console.log(
'font-style:italic;', ''
);
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
/**
* Check if given value is empty.
*

View File

@ -3,6 +3,8 @@ http:
msg-404: Nothing here.
msg-500: Please try again later.
msg-503: The application is now in maintenance mode.
method-not-allowed: Method not allowed.
csrf-token-mismatch: Token does not match, try reloading the page.
general:
title: Error occurred

View File

@ -3,6 +3,8 @@ http:
msg-404: 这里啥都没有哦
msg-500: 内部服务器错误,请稍后再试
msg-503: 网站维护中
method-not-allowed: 不允许的 HTTP 请求方法
csrf-token-mismatch: Token 不正确,请尝试刷新页面
general:
title: 出现错误

View File

@ -6,7 +6,8 @@
<title>@yield('title') - {{ option_localized('site_name') }}</title>
{!! bs_favicon() !!}
<!-- Tell the browser to be responsive to screen width -->
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
<meta name="csrf-token" content="{{ csrf_token() }}">
<!-- App Styles -->
@include('common.dependencies.style', ['module' => 'admin'])

View File

@ -5,7 +5,8 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>@yield('title') - {{ option_localized('site_name') }}</title>
{!! bs_favicon() !!}
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
<meta name="csrf-token" content="{{ csrf_token() }}">
<!-- App Styles -->
@include('common.dependencies.style', ['module' => 'auth'])

View File

@ -6,7 +6,8 @@
<title>@yield('title') - {{ option_localized('site_name') }}</title>
{!! bs_favicon() !!}
<!-- Tell the browser to be responsive to screen width -->
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
<meta name="csrf-token" content="{{ csrf_token() }}">
<!-- App Styles -->
@include('common.dependencies.style', ['module' => 'skinlib'])

View File

@ -6,7 +6,8 @@
<title>@yield('title') - {{ option_localized('site_name') }}</title>
{!! bs_favicon() !!}
<!-- Tell the browser to be responsive to screen width -->
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
<meta name="csrf-token" content="{{ csrf_token() }}">
<!-- App Styles -->
@include('common.dependencies.style', ['module' => 'user'])