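Laravel hidden form fields
Laravel is a popular PHP framework that provides developers with many convenient features and tools. One very useful feature is the hidden form field, which lets us pass along data in a form that should not be displayed. In this article, we introduce how to use hidden form fields in Laravel.
1. What hidden form fields are for
When developing a web application, we usually need to collect user data from a front-end form and send it to the back end. Sometimes we also need to send some additional data to the back end, such as a CSRF token. This extra data may not need to be visible on the front end.
This is where hidden form fields come in. A hidden field lets us place data in the form without showing it to the user. When the form is submitted, the hidden data is submitted along with it to the back end for processing.
2. Using hidden form fields in Laravel
In Laravel, we can use the {{ csrf_field() }} method to generate a hidden field for the CSRF token. This method generates a hidden field named _token and fills it with the corresponding CSRF token value. Sample code: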
<form method="post" action="/foo"> {{ csrf_field() }} ... </form>
When the form is submitted, Laravel verifies that the submitted CSRF token value is valid, to ensure that the application is not exposed to CSRF attacks.
In addition, we can use the {{ method_field('PUT') }} method to generate a hidden field named _method, which sets the HTTP request method to PUT. Sample code:
<form method="post" action="/foo"> {{ method_field('PUT') }} ... </form>
3. Creating hidden form fields manually
In some cases a hidden form field has to be created manually. In Laravel, we can create one by hand as follows:
<input type="hidden" name="foo" value="bar">
The code above generates a hidden field named foo and sets its value to bar. When the form is submitted, we can read the value of this hidden field and process it on the back end.
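Because a hidden field is only hidden from display and is still sent by the client, the back end has to check each of the three fields described above. The following is an added example in plain PHP, not code from this article or from Laravel itself; it is a simplified model of those checks, and the function names, the allow-list and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: simplified model of server-side checks, not Laravel's source.

// Issue a per-session token; a `_token` hidden field would carry this value.
function issueCsrfToken(array &$session): string
{
    $session['_token'] = bin2hex(random_bytes(32));
    return $session['_token'];
}

// Compare the submitted hidden field with the session copy in constant time.
function csrfTokenIsValid(array $session, array $post): bool
{
    $expected  = $session['_token'] ?? '';
    $submitted = $post['_token'] ?? '';
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Honour the `_method` hidden field only on a real POST and only for known verbs.
function resolveMethod(string $realMethod, array $post): string
{
    $override = $post['_method'] ?? '';
    if ($realMethod !== 'POST' || !is_string($override)) {
        return $realMethod;
    }
    $override = strtoupper($override);
    return in_array($override, ['PUT', 'PATCH', 'DELETE'], true) ? $override : $realMethod;
}

// A manual hidden field is client-controlled input: accept only expected values.
function readHiddenFoo(array $post, array $allowed = ['bar']): ?string
{
    $value = $post['foo'] ?? null;
    return is_string($value) && in_array($value, $allowed, true) ? $value : null;
}

// Constructed sample submissions: one as rendered, one with altered hidden fields.
$session  = [];
$token    = issueCsrfToken($session);
$genuine  = ['_token' => $token,  '_method' => 'PUT',   'foo' => 'bar'];
$tampered = ['_token' => 'guess', '_method' => 'TRACE', 'foo' => 'admin'];

foreach (['genuine' => $genuine, 'tampered' => $tampered] as $label => $post) {
    printf("%s: csrf=%s method=%s foo=%s\n", $label,
        csrfTokenIsValid($session, $post) ? 'ok' : 'rejected',
        resolveMethod('POST', $post), var_export(readHiddenFoo($post), true));
}
```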
4. Summary
Hidden form fields are a very useful feature in Laravel. They let us pass along data in a form that does not need to be displayed on the front end, such as a CSRF token. In Laravel, we can quickly generate these hidden fields with the {{ csrf_field() }} and {{ method_field('PUT') }} methods. In some cases, we can also create hidden form fields manually.
We hope this article helps readers better understand how to use hidden form fields in Laravel.
ÒÔÉϾÍÊÇlaravel ±íµ¥Òþ²ØÓòµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡