小编典典

Ajax与Laravel路由错误

ajax

我在调用ajax时遇到了laravel的路由问题,但是我真的不明白是什么原因导致的,因为我应该调用ajax并成功返回。任何帮助将不胜感激。谢谢!

这是我的ajax代码

$.ajax({
            type: "POST",
            url: baseLocalUrl, //baseLocalUrl= "http://localhost:4567/admin/menuBuilder/1/save"
            data: 
            {
                html: $("#comment_area").text()
            },
            success: function(data){
                alert("success!");
            }


});

这是我的路线

Route::group(array('prefix' => 'admin', 'before' => 'auth'), function()
{
.....
Route::post('menuBuilder/{role}/save' , array('uses' => 'AdminMenuBuilderController@saveHTML' ));
.....
});

这是我的控制器方法

public function saveHTML($roleId){
        //$decodeJson = Input::get('html');
        return "success";

}

这是我得到的错误

 POST http://localhost:4567/admin/menuBuilder/1/save 500 (Internal Server Error)

Laravel日志

production.ERROR: 500 - Exception @ /admin/menuBuilder/1/save
exception 'Illuminate\Session\TokenMismatchException' in /vagrant/app/filters.php:98

filters.php

<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

App::before(function($request)
{
    //
});


App::after(function($request, $response)
{
    //
});

/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

Route::filter('auth', function()
{
    if ( Auth::guest() ) // If the user is not logged in
    {
            return Redirect::guest('user/login');
    }
});

Route::filter('auth.basic', function()
{
    return Auth::basic();
});

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

Route::filter('guest', function()
{
    if (Auth::check()) return Redirect::to('user/login/');
});

/*
|--------------------------------------------------------------------------
| Role Permissions
|--------------------------------------------------------------------------
|
| Access filters based on roles.
|
*/

// Check for role on all admin routes
Entrust::routeNeedsRole( 'admin*', array('admin'), Redirect::to('/') );

// Check for permissions on admin actions
Entrust::routeNeedsPermission( 'admin/blogs*', 'manage_blogs', Redirect::to('/admin') );
Entrust::routeNeedsPermission( 'admin/comments*', 'manage_comments', Redirect::to('/admin') );
Entrust::routeNeedsPermission( 'admin/users*', 'manage_users', Redirect::to('/admin') );
Entrust::routeNeedsPermission( 'admin/roles*', 'manage_roles', Redirect::to('/admin') );

    /*
    |--------------------------------------------------------------------------
    | CSRF Protection Filter
    |--------------------------------------------------------------------------
    |
    | The CSRF filter is responsible for protecting your application against
    | cross-site request forgery attacks. If this special token in a user
    | session does not match the one given in this request, we'll bail.
    |
    */

    Route::filter('csrf', function()
    {
        if (Session::getToken() != Input::get('csrf_token') &&  Session::getToken() != Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });

    /*
    |--------------------------------------------------------------------------
    | Language
    |--------------------------------------------------------------------------
    |
    | Detect the browser language.
    |
    */

    Route::filter('detectLang',  function($route, $request, $lang = 'auto')
    {

        if($lang != "auto" && in_array($lang , Config::get('app.available_language')))
        {
            Config::set('app.locale', $lang);
        }else{
            $browser_lang = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtok(strip_tags($_SERVER['HTTP_ACCEPT_LANGUAGE']), ',') : '';
            $browser_lang = substr($browser_lang, 0,2);
            $userLang = (in_array($browser_lang, Config::get('app.available_language'))) ? $browser_lang : Config::get('app.locale');
            Config::set('app.locale', $userLang);
            App::setLocale($userLang);
        }
    });

阅读 186

收藏
2020-07-26

共1个答案

小编典典

您需要在AJAX调用的标头中包含CSRF令牌。试试这个:

在您的HTML <head>块中:

<!-- This is one of the more common ways of accessing your CSRF token. -->
<meta name="csrf-token" content="{{ csrf_token() }}">

对于您的AJAX电话:

var token = $('meta[name="csrf-token"]').attr('content');

$.ajax({
  type: "POST",
  url: baseLocalUrl,
  data: {
    html: $("#comment_area").text()
  },

  // Added the CSRF token to the request header.
  header: {"X-CSRF-Token": token},

  success: function(data) {
    alert("Success!");
  }
});

最后,在中app/filters.php,将CSRF过滤器更改为:

Route::filter('csrf', function()
{
  $token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');
  if (Session::token() != $token)
  {
    throw new Illuminate\Session\TokenMismatchException;
  }
});
2020-07-26