Laravel，尝试通过 AJAX 向控制器传递数据时出现不匹配的令牌错误

Posted 2023-03-14

【中文标题】Laravel，尝试通过 AJAX 向控制器传递数据时出现不匹配的令牌错误

【英文标题】：Laravel, mismatched token error when trying to pass data via AJAX to controller

【发布时间】：2017-06-03 08:10:02

【问题描述】：

路线：

Route::post('/update', 'PostsController@update');

控制器：

public function update(Request $request) 
    $content = $request;

    return response($content);

AJAX：

data = 
    id: postID,
    title: $('[data-post-id='+postID+']').find('.blog_input').val(),
    content: 'testing testing'
;

$.post('/update', data, function(result)
    console.log(result);
);

为此，我不断收到以下错误：

TokenMismatchException in VerifyCsrfToken.php line 68:
in VerifyCsrfToken.php line 68
at VerifyCsrfToken->handle(object(Request), object(Closure)) in Pipeline.php line 137
at Pipeline->Illuminate\Pipeline\closure(object(Request)) in Pipeline.php line 33
at Pipeline->Illuminate\Routing\closure(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 137
at Pipeline->Illuminate\Pipeline\closure(object(Request)) in Pipeline.php line 33
at Pipeline->Illuminate\Routing\closure(object(Request)) in StartSession.php line 64
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 137
at Pipeline->Illuminate\Pipeline\closure(object(Request)) in Pipeline.php line 33
at Pipeline->Illuminate\Routing\closure(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 137
at Pipeline->Illuminate\Pipeline\closure(object(Request)) in Pipeline.php line 33
at Pipeline->Illuminate\Routing\closure(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 137
at Pipeline->Illuminate\Pipeline\closure(object(Request)) in Pipeline.php line 33
at Pipeline->Illuminate\Routing\closure(object(Request)) in Pipeline.php line 104
at Pipeline->then(object(Closure)) in Router.php line 655
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 629
at Router->dispatchToRoute(object(Request)) in Router.php line 607
at Router->dispatch(object(Request)) in Kernel.php line 268
at Kernel->Illuminate\Foundation\Http\closure(object(Request)) in Pipeline.php line 53
at Pipeline->Illuminate\Routing\closure(object(Request)) in CheckForMaintenanceMode.php line 46....

我想提一下title 上的输入值来自独立输入，如果有任何线索表明问题可能是这个，它不在完整的<form> 内。我将如何传递或纠正 CSRF 令牌差异？

【参考方案1】：

我用它添加隐藏输入的解决方案

 <input type="hidden" name="csrf" id="csrf" value=" csrf_token() ">

通过 AJAX 访问它时

$('#csrf').val()

【参考方案2】：

这对我有用，同时使用@Buglinjo 和@Paul 的答案：

data = 
    _token: $('meta[name="csrf-token"]').attr('content'),
    id: postID,
    title: $('[data-post-id='+postID+']').find('.blog_input').val(),
    content: 'testing testing'
;

【讨论】：

我会推荐@paul 的回答。 Cos，按照他的方法，你的每一个ajax post调用都会默认添加token，而不是为每个ajax调用手动添加。

【参考方案3】：

你应该把这个添加到data:

data = 
    _token: ' csrf_token() ', //this one
    id: postID,
    title: $('[data-post-id='+postID+']').find('.blog_input').val(),
    content: 'testing testing'
;

【讨论】：

试过这个，它没有用，给了我同样的错误。

我认为它只是发送文字 csrf_token() unpopulated

【参考方案4】：

确保您在请求中发送 CSRF 令牌。

$.ajaxSetup(
                headers: 
                    'X-CSRF-TOKEN': $('meta[name="_token"]').attr('content')
                
            );

<meta name="_token" content=" csrf_token() ">

您也可以关闭此中间件，但实际上不建议这样做。见文档：https://laravel.com/docs/5.3/csrf#csrf-introduction