cURL X-CSRF 令牌问题
cURL X-CSRF Token Issue
我有这个 PHP 代理使用 cURL(如下)。每当它获得 POST 时,header X-CSRF 标记将设置为空。 X-CSRF 令牌是使用代理与不使用代理之间 POST header 的唯一区别。
所以我想知道如何修复它,以便像不使用代理一样正确设置 X-CSRF 令牌?
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0');
$browserRequestHeaders = getallheaders();
$curlRequestHeaders = array();
foreach ($browserRequestHeaders as $name => $value) {
$curlRequestHeaders[] = $name . ": " . $value;
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $curlRequestHeaders);
switch ($_SERVER["REQUEST_METHOD"]) {
case "POST":
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents("php://input"));
break;
case "PUT":
curl_setopt($ch, CURLOPT_PUT, TRUE);
curl_setopt($ch, CURLOPT_INFILE, fopen("php://input"));
break;
}
//Other cURL options.
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt ($ch, CURLOPT_FAILONERROR, TRUE);
curl_setopt($ch, CURLOPT_NOBODY, 0);
// Cookie cURL options.
curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
//handle other cookies cookies
foreach ($_COOKIE as $k=>$v) {
if(is_array($v)){
$v = serialize($v);
}
curl_setopt($ch,CURLOPT_COOKIE,"$k=$v; domain=.$cookiedomain ; path=/");
}
// Set the request URL.
curl_setopt($ch, CURLOPT_URL, $url);
// Make the request.
$response = curl_exec($ch);
curl_setopt($ch, CURLOPT_POST, 0);
$responseInfo = curl_getinfo($ch);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
图像显示 headers http://i.stack.imgur.com/78fVV.jpg
您正在使用 AJAX 调用,如您的图片所示,X-CSRF-Token header 未在这些调用上设置。您需要按照 Adding X-CSRF-Token header globally to all instances of XMLHttpRequest(); 中的说明明确设置它,例如与(从那里复制):
(function() {
var send = XMLHttpRequest.prototype.send,
token = $('meta[name=csrf-token]').attr('content');
XMLHttpRequest.prototype.send = function(data) {
this.setRequestHeader('X-CSRF-Token', token);
return send.apply(this, arguments);
};
}());
所以修复不在 PHP 中,而是在您的 AJAX 调用代码中。将 token = $('meta[name=csrf-token]').attr('content'); 替换为从您的 HTML.
获取 CSRF 令牌的代码
必须在 php 中代理客户端和服务器之间的 $_SESSION id。
我有这个 PHP 代理使用 cURL(如下)。每当它获得 POST 时,header X-CSRF 标记将设置为空。 X-CSRF 令牌是使用代理与不使用代理之间 POST header 的唯一区别。
所以我想知道如何修复它,以便像不使用代理一样正确设置 X-CSRF 令牌?
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0');
$browserRequestHeaders = getallheaders();
$curlRequestHeaders = array();
foreach ($browserRequestHeaders as $name => $value) {
$curlRequestHeaders[] = $name . ": " . $value;
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $curlRequestHeaders);
switch ($_SERVER["REQUEST_METHOD"]) {
case "POST":
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents("php://input"));
break;
case "PUT":
curl_setopt($ch, CURLOPT_PUT, TRUE);
curl_setopt($ch, CURLOPT_INFILE, fopen("php://input"));
break;
}
//Other cURL options.
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt ($ch, CURLOPT_FAILONERROR, TRUE);
curl_setopt($ch, CURLOPT_NOBODY, 0);
// Cookie cURL options.
curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
//handle other cookies cookies
foreach ($_COOKIE as $k=>$v) {
if(is_array($v)){
$v = serialize($v);
}
curl_setopt($ch,CURLOPT_COOKIE,"$k=$v; domain=.$cookiedomain ; path=/");
}
// Set the request URL.
curl_setopt($ch, CURLOPT_URL, $url);
// Make the request.
$response = curl_exec($ch);
curl_setopt($ch, CURLOPT_POST, 0);
$responseInfo = curl_getinfo($ch);
$headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
curl_close($ch);
图像显示 headers http://i.stack.imgur.com/78fVV.jpg
您正在使用 AJAX 调用,如您的图片所示,X-CSRF-Token header 未在这些调用上设置。您需要按照 Adding X-CSRF-Token header globally to all instances of XMLHttpRequest(); 中的说明明确设置它,例如与(从那里复制):
(function() {
var send = XMLHttpRequest.prototype.send,
token = $('meta[name=csrf-token]').attr('content');
XMLHttpRequest.prototype.send = function(data) {
this.setRequestHeader('X-CSRF-Token', token);
return send.apply(this, arguments);
};
}());
所以修复不在 PHP 中,而是在您的 AJAX 调用代码中。将 token = $('meta[name=csrf-token]').attr('content'); 替换为从您的 HTML.
必须在 php 中代理客户端和服务器之间的 $_SESSION id。