In Laravel, which middleware fires first: CSRF or AUTH?

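According to the Laravel website, Laravel will first authenticate the user by firing the Auth middleware, and then fire the CSRF middleware.

But what if the login page is a phishing page? Isn't it more natural to first check whether the request comes from our own website, and then check the user's authentication?

Can someone explain this?

Thanks

Any help would be appreciated.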

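From the Laravel Request Lifecycle page:

First, the request is passed to the middleware defined in app/Http/kernel.php, which every request is processed by. The CSRF middleware is applied at this point.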

The HTTP kernel also defines a list of HTTP middleware that all requests must pass through before being handled by the application. These middleware handle reading and writing the HTTP session, determining if the application is in maintenance mode, verifying the CSRF token, and more.

The request is then passed to the router. The router then applies the route-specific middleware. This means auth is also applied at this point.

Once the application has been bootstrapped and all service providers have been registered, the Request will be handed off to the router for dispatching. The router will dispatch the request to a route or controller, as well as run any route specific middleware.

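Hope you got your answer.

According to the Laravel documentation, the web middleware is applied first, and then the request is passed to other middleware such as auth, unless you change it.

Reference:

The VerifyCsrfToken middleware, which is included in the web middleware group, will automatically verify that the token in the request input matches the token stored in the session.

Keep in mind, the web middleware group is automatically applied to your default routes.php file by the RouteServiceProvider.

Here is the web middleware: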

/**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
    ],

    'api' => [
        'throttle:60,1',
        'auth:api',
    ],
];
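
The ordering described in the answers above, as an added example that is not part of the original posts and is not Laravel's own code: a plain-PHP model of the middleware pipeline in which simplified stand-ins for StartSession, VerifyCsrfToken and auth run in that order over constructed requests. The closures, request arrays and response strings are assumptions made for illustration.

```php
<?php
// Simplified stand-ins for Laravel middleware (hypothetical, not framework code).
// Each layer receives the request and $next, like handle($request, $next).
$trace = [];
$mw = function (string $name, callable $check) use (&$trace) {
    return function (array $req, callable $next) use ($name, $check, &$trace) {
        $trace[] = $name;              // record that this layer ran
        $reject = $check($req);        // null = pass, string = early response
        return $reject ?? $next($req);
    };
};

$startSession = $mw('StartSession', fn($r) => null);
// Read-only requests pass; others must carry the token stored in the session.
$verifyCsrf = $mw('VerifyCsrfToken', fn($r) =>
    $r['method'] === 'GET' || hash_equals($r['session_token'], $r['_token'] ?? '')
        ? null : '419 token mismatch');
$auth = $mw('auth', fn($r) => $r['user'] ? null : '302 redirect to login');

// Order from the answers: the 'web' group first, then route middleware.
$stack = [$startSession, $verifyCsrf, $auth];

function dispatch(array $stack, array $req): string
{
    // Wrap from the inside out so the first entry in $stack runs first.
    $pipeline = array_reduce(
        array_reverse($stack),
        fn($next, $layer) => fn($r) => $layer($r, $next),
        fn($r) => '200 controller reached'
    );
    return $pipeline($req);
}

// Constructed sample requests; 'tok123' is a made-up session token.
$base = ['method' => 'POST', 'session_token' => 'tok123', 'user' => null];
$cases = [
    'cross-site POST, no token'   => $base,
    'own form, not logged in'     => $base + ['_token' => 'tok123'],
    'own form, logged in'         => ['user' => 'alice', '_token' => 'tok123'] + $base,
];

foreach ($cases as $label => $req) {
    $trace = [];
    $response = dispatch($stack, $req);
    printf("%-28s %-24s ran: %s\n", $label, $response, implode(' > ', $trace));
}
```

For the first request the trace ends at VerifyCsrfToken, so the auth stand-in never runs on a request that lacks the session's token.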