Laravel - how to Prefix all json responses to prot

2019-05-03 23:26发布

问题:

I am writing an angularjs app which is consuming an api built with Laravel 4.1. I am looking to protect against json injection.

One method built into angularjs to fix this is to prefix all server json responses with the following string ")]}',\n".

The angularjs $http service will automatically strip this string from all json responses.

I don't want to have to attach this string manually to every json response which my api serves.

Is there a way to prefix this string whenever my controller returns a json Response object?

return Response::json($prefix.$json, 200);

回答1:

If you want to prepend/append data to the response you can use filters.

Route::filter('json.protect',function($route,$request,$response = null)
{
    if($response instanceof \Illuminate\Http\JsonResponse) {
        $json = ")]}',\n" . $response->getContent();
        return $response->setContent($json);
    }
});

You can then attach the filter to the route using the after property.

Route::get('/test', array('after' =>'json.protect', function()
{
    $test = array(
        "foo" => "bar",
        "bar" => "foo",
    );

    return Response::json($test);
}));

Alternatively, if you don't want to attach a filter to each route that outputs json, then it is also possible to utilise the App::after hook.

App::after(function($request, $response)
{
    if($response instanceof \Illuminate\Http\JsonResponse) {
        $json = ")]}',\n" . $response->getContent();
        return $response->setContent($json);
    }
});


回答2:

I know this question was asked a long time ago, but to help who needs this approach with Laravel 5 and AngularJS this can be done by creating a Response Macro, so in your ResponseMacroServiceProvider class you'd define boot method like:

public function boot()
{
    Response::macro('angular', function($value, $status = 200)
    {
        $response = Response::make($value, $status);

        $json = ")]}',\n" . $response->getContent();

        return $response->setContent($json);
    });
}

Then simply call the response() helper function within your controller:

return response()->angular(['item' => 'value']);


回答3:

This should work:

//in app/filters.php
App::after(function($request, $response)
{
    if($request->ajax()) $response = ")]}',\n".$response;
});