Laravel Passport - 自动绕过本地 Javascript 请求的 OAuth,而不是显示 "Unauthenticated."
Laravel Passport - Automatically bypass OAuth for local Javascript requests instead of displaying "Unauthenticated."
我已准备好护照 运行。我的应用程序包含连接到我的 API 的 JavaScript AJAX。我正在努力让它只基于 Session 而不是必须通过整个 OAuth 系统。
在文档中,看起来这是可能的:https://laravel.com/docs/5.4/passport#consuming-your-api-with-javascript
但是,我目前正在 "Unauthenticated."
Kernel.php:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\VerifyParametersMiddleware::class,
'throttle:60,1',
'bindings',
],
];
示例api.php 路线:
Route::group(['middleware' => ['auth:api']], function () {
Route::resource('canvas-item', 'CanvasItemController',
[
'only' => [
'index', // GET api/canvas-item
'store', // POST api/canvas-item
'update', // PUT api/canvas-item/{canvas-item-id}
'destroy' // DELETE api/canvas-item/{canvas-item-id}
],
]
);
});
示例JavaScript请求:
function ajaxRequest() {
$.APIAjax({
url: '{{ url('api/canvas-item') }}',
type: 'POST',
data: {
testing: null
},
success: function(jsonResponse) {},
error: function(jsonResponse) {}
});
}
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': token
}
});
文档要求的 headers 已正确设置:
X-CSRF-TOKEN
"<tokenhere>"
X-Requested-With
"XMLHttpRequest"
如果请求来自同一台服务器,我如何通过 'Unauthenticated.' 的任何想法?
谢谢!
删除
\App\Http\Middleware\EncryptCookies::class,
来自Kernel.php
允许 API 路由被正确验证。如果这不是处理此问题的 official/secure 方法,请告诉我。
我已准备好护照 运行。我的应用程序包含连接到我的 API 的 JavaScript AJAX。我正在努力让它只基于 Session 而不是必须通过整个 OAuth 系统。
在文档中,看起来这是可能的:https://laravel.com/docs/5.4/passport#consuming-your-api-with-javascript
但是,我目前正在 "Unauthenticated."
Kernel.php:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\VerifyParametersMiddleware::class,
'throttle:60,1',
'bindings',
],
];
示例api.php 路线:
Route::group(['middleware' => ['auth:api']], function () {
Route::resource('canvas-item', 'CanvasItemController',
[
'only' => [
'index', // GET api/canvas-item
'store', // POST api/canvas-item
'update', // PUT api/canvas-item/{canvas-item-id}
'destroy' // DELETE api/canvas-item/{canvas-item-id}
],
]
);
});
示例JavaScript请求:
function ajaxRequest() {
$.APIAjax({
url: '{{ url('api/canvas-item') }}',
type: 'POST',
data: {
testing: null
},
success: function(jsonResponse) {},
error: function(jsonResponse) {}
});
}
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': token
}
});
文档要求的 headers 已正确设置:
X-CSRF-TOKEN
"<tokenhere>"
X-Requested-With
"XMLHttpRequest"
如果请求来自同一台服务器,我如何通过 'Unauthenticated.' 的任何想法?
谢谢!
删除
\App\Http\Middleware\EncryptCookies::class,
来自Kernel.php
允许 API 路由被正确验证。如果这不是处理此问题的 official/secure 方法,请告诉我。