Ways to prevent TokenMismatch Exception using AJAX

2019-08-01 02:54发布

站内问答 / PHP
445 1 6

I have analyze that ratio of getting Token Mismatch Error is very high. And this error getting because of some of the silly mistakes. There are many reasons developers are doing mistakes. Here are some of the examples.

  1. Not sending _token on header.
  2. Not sending _token on data when using ajax.
  3. Not Permission on Storage Path.
  4. Invalid Session Storage path.

And there many other reasons, feel free to edit this question for more more ways to prevent this type of error.

1条回答
一纸荒年 Trace。
2楼-- · 2019-08-01 03:38

Possible Change - 1

Setup Token on Header

Set the token on <head> of your default.blade.php view

<meta name="csrf-token" content="{{csrf_token()}}">

Add ajaxSetup on the top of your script, that will be accessible to everywhere. This will set headers on each ajax call

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

Set Token on <form> tag

Add below function to your <form> tag. This function will generate a hidden field named _token and filled value with token

{{csrf_field()}}

Add csrf_token() function to your hidden _token in value attribute. This will generate only encrypted string.

<input type="hidden" name="_token" value="{{csrf_token()}}"/>.

Possible Change - 2

Check session storage path & Permission

Here assume that project app url is APP_URL=http://project.dev/ts/toys-store

  1. Set the write permission to storage_path('framework/sessions')
  2. Check the path of your laravel project 'path' => '/ts/toys-store', this path is root of your laravel project.

  3. Change the name of your cookie 'cookie' => 'toys-store',

    return [
    'driver' => env('SESSION_DRIVER', 'file'),
    'lifetime' => 120,
    'expire_on_close' => false,
    'encrypt' => false,
    'files' => storage_path('framework/sessions'),
    'connection' => null,
    'table' => 'sessions',
    'lottery' => [2, 100],
    'cookie' => 'toys-store',
    'path' => '/ts/toys-store',
    'domain' => null,
    'secure' => false,
    'http_only' => true,
];

Possible Change - 3

Use _token field on AJAX

There are many ways to send _token on AJAX call

  1. Get all input field's value within <form> tag using var formData = new FormData($("#cart-add")[0]);
  2. Use $("#cart-add").serialize(); or $("#cart-add").serializeArray();
  3. Add _token manually on data of AJAX. using $('meta[name="csrf-token"]').attr('content') or $('input[name="_token"]').val().

  4. We can set as header on a particular ajax call like below code.

    $.ajax({
    url: "path/to/ajax",
    type: "POST",
    data: formData,
    processData: false,
    contentType: false,
    dataType: "json",
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)