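I ran into a Laravel routing problem when making an ajax call, but I really don't understand what is causing it, because the ajax call should go through and return successfully. Any help would be greatly appreciated. Thanks!
Here is my ajax code

    $.ajax({
        type: "POST",
        url: baseLocalUrl, // baseLocalUrl = "http://localhost:4567/admin/menuBuilder/1/save"
        data: {
            html: $("#comment_area").text()
        },
        success: function(data) {
            alert("success!");
        }
    });
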
Here is my route

    Route::group(array('prefix' => 'admin', 'before' => 'auth'), function()
    {
        .....
        Route::post('menuBuilder/{role}/save', array('uses' => 'AdminMenuBuilderController@saveHTML'));
        .....
    });

Here is my controller method

    public function saveHTML($roleId)
    {
        //$decodeJson = Input::get('html');
        return "success";
    }

Here is the error I get
POST http://localhost:4567/admin/menuBuilder/1/save 500 (Internal Server Error)
Laravel log
production.ERROR: 500 - Exception @ /admin/menuBuilder/1/save exception 'Illuminate\Session\TokenMismatchException' in /vagrant/app/filters.php:98
filters.php

    <?php

    /*
    |--------------------------------------------------------------------------
    | Application & Route Filters
    |--------------------------------------------------------------------------
    |
    | Below you will find the "before" and "after" events for the application
    | which may be used to do any work before or after a request into your
    | application. Here you may also register your custom route filters.
    |
    */

    App::before(function($request)
    {
        //
    });

    App::after(function($request, $response)
    {
        //
    });

    /*
    |--------------------------------------------------------------------------
    | Authentication Filters
    |--------------------------------------------------------------------------
    |
    | The following filters are used to verify that the user of the current
    | session is logged into this application. The "basic" filter easily
    | integrates HTTP Basic authentication for quick, simple checking.
    |
    */

    Route::filter('auth', function()
    {
        if ( Auth::guest() ) // If the user is not logged in
        {
            return Redirect::guest('user/login');
        }
    });

    Route::filter('auth.basic', function()
    {
        return Auth::basic();
    });

    /*
    |--------------------------------------------------------------------------
    | Guest Filter
    |--------------------------------------------------------------------------
    |
    | The "guest" filter is the counterpart of the authentication filters as
    | it simply checks that the current user is not logged in. A redirect
    | response will be issued if they are, which you may freely change.
    |
    */

    Route::filter('guest', function()
    {
        if (Auth::check()) return Redirect::to('user/login/');
    });

    /*
    |--------------------------------------------------------------------------
    | Role Permissions
    |--------------------------------------------------------------------------
    |
    | Access filters based on roles.
    |
    */

    // Check for role on all admin routes
    Entrust::routeNeedsRole( 'admin*', array('admin'), Redirect::to('/') );

    // Check for permissions on admin actions
    Entrust::routeNeedsPermission( 'admin/blogs*', 'manage_blogs', Redirect::to('/admin') );
    Entrust::routeNeedsPermission( 'admin/comments*', 'manage_comments', Redirect::to('/admin') );
    Entrust::routeNeedsPermission( 'admin/users*', 'manage_users', Redirect::to('/admin') );
    Entrust::routeNeedsPermission( 'admin/roles*', 'manage_roles', Redirect::to('/admin') );

    /*
    |--------------------------------------------------------------------------
    | CSRF Protection Filter
    |--------------------------------------------------------------------------
    |
    | The CSRF filter is responsible for protecting your application against
    | cross-site request forgery attacks. If this special token in a user
    | session does not match the one given in this request, we'll bail.
    |
    */

    Route::filter('csrf', function()
    {
        if (Session::getToken() != Input::get('csrf_token') && Session::getToken() != Input::get('_token'))
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });

    /*
    |--------------------------------------------------------------------------
    | Language
    |--------------------------------------------------------------------------
    |
    | Detect the browser language.
    |
    */

    Route::filter('detectLang', function($route, $request, $lang = 'auto')
    {
        if($lang != "auto" && in_array($lang , Config::get('app.available_language')))
        {
            Config::set('app.locale', $lang);
        }else{
            $browser_lang = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtok(strip_tags($_SERVER['HTTP_ACCEPT_LANGUAGE']), ',') : '';
            $browser_lang = substr($browser_lang, 0,2);
            $userLang = (in_array($browser_lang, Config::get('app.available_language'))) ? $browser_lang : Config::get('app.locale');
            Config::set('app.locale', $userLang);
            App::setLocale($userLang);
        }
    });

You need to include the CSRF token in the headers of your AJAX call. Try this:
In your HTML <head> block:

    <head>
        <!-- This is one of the more common ways of accessing your CSRF token. -->
        <meta name="csrf-token" content="{{ csrf_token() }}">

For your AJAX call:

    var token = $('meta[name="csrf-token"]').attr('content');

    $.ajax({
        type: "POST",
        url: baseLocalUrl,
        data: {
            html: $("#comment_area").text()
        },
        // Added the CSRF token to the request header.
        // jQuery's option is "headers" (plural); a "header" key is silently ignored.
        headers: {"X-CSRF-Token": token},
        success: function(data) {
            alert("Success!");
        }
    });

Finally, in app/filters.php, change the CSRF filter to:
app/filters.php

    Route::filter('csrf', function()
    {
        $token = Request::ajax() ? Request::header('X-CSRF-Token') : Input::get('_token');

        if (Session::token() != $token)
        {
            throw new Illuminate\Session\TokenMismatchException;
        }
    });

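
The answer above attaches the token to one call. The following is an added example, not part of the original answer, that attaches the same X-CSRF-Token header to every state-changing jQuery request while keeping the token off cross-origin URLs. The helper names isSameOrigin and csrfHeadersFor are hypothetical; the meta tag and header name are the ones used in the answer.

```javascript
// Added example. Decides which headers a request should carry: the CSRF token
// is sent only with state-changing methods aimed at the page's own origin,
// so it is never disclosed to a third-party host.
var SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

function isSameOrigin(url, pageOrigin) {
  try {
    // Relative URLs resolve against the page origin; absolute URLs keep theirs.
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat it as foreign
  }
}

function csrfHeadersFor(method, url, pageOrigin, token) {
  if (!token || SAFE_METHODS.test(method || 'GET')) return {};
  if (!isSameOrigin(url, pageOrigin)) return {};
  return { 'X-CSRF-Token': token };
}

// Browser wiring: registered only where jQuery and a DOM are present.
if (typeof window !== 'undefined' && typeof window.jQuery !== 'undefined') {
  window.jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    var token = window.jQuery('meta[name="csrf-token"]').attr('content');
    var headers = csrfHeadersFor(options.type, options.url,
                                 window.location.origin, token);
    Object.keys(headers).forEach(function (name) {
      jqXHR.setRequestHeader(name, headers[name]);
    });
  });
}
```

With this loaded after jQuery, the original $.ajax call needs no per-call header option, and the server-side filter shown above reads the token from the X-CSRF-Token header.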