我需要为某些引用者禁用csrf令牌。我该怎么做?
我试过了:
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
$_SERVER['HTTP_REFERER'] == 'http://example.com' ? '/example' : '',
];
但是我得到错误:expression is not allowed as field default value
$except字段用于从 CSRF 检查中排除指定的 URL。如果你想跳过对来自特定引用的请求的检查,那么你需要扩展你的VerifyCsrfToken中间件类,并提供新的handle方法,如下所示:
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
// If request comes from specific referer...
if ($request->headers->get('referer') == 'http://example.com') {
// ... then we append $except with URL to ignore.
$this->except[] = '/example';
}
// After that we pass the control to original method's implementation
// that will perform the check as usual.
return parent::handle($request, $next);
}