Cakephp CSRF 不匹配
Cakephp CSRF mismatch
以下是我的AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
$this->loadComponent('RequestHandler', [
'enableBeforeRedirect' => false,
]);
$this->loadComponent('Auth', [
'unauthorizedRedirect' => [
'controller' => 'Users',
'action' => 'login'
],
'storage' => 'Session'
]);
$this->loadComponent('Flash');
/*
* Enable the following component for recommended CakePHP security settings.
* see https://book.cakephp.org/3/en/controllers/components/security.html
*/
//$this->loadComponent('Security');
}
和我的Application.php
public function middleware($middlewareQueue)
{
$options = ['httpOnly' => true];
$csrf = new CsrfProtectionMiddleware($options);
$middlewareQueue
->add(new ErrorHandlerMiddleware(null, Configure::read('Error')))
->add(new AssetMiddleware([
'cacheTime' => Configure::read('Asset.cacheTime'),
]))
->add(new RoutingMiddleware($this))
->add($csrf);
return $middlewareQueue;
}
以下是我的看法。
<form action="<?= Router::url(['controller' => 'Users', 'action' => 'registration']) ?>" method="POST">
<input type="hidden" name="_csrfToken" value="<?= $this->request->getParam('_csrfToken'); ?>" />
</form>
不过,当我提交表格时它说
尝试使用 CakePHP Form Helper
制作表格
<?= $this->Form->create($users, ['url' => ['controller' => 'Users', 'action' => 'registration']]) ?>
....
<?= $this->Form->end() ?>
以下是我的AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
$this->loadComponent('RequestHandler', [
'enableBeforeRedirect' => false,
]);
$this->loadComponent('Auth', [
'unauthorizedRedirect' => [
'controller' => 'Users',
'action' => 'login'
],
'storage' => 'Session'
]);
$this->loadComponent('Flash');
/*
* Enable the following component for recommended CakePHP security settings.
* see https://book.cakephp.org/3/en/controllers/components/security.html
*/
//$this->loadComponent('Security');
}
和我的Application.php
public function middleware($middlewareQueue)
{
$options = ['httpOnly' => true];
$csrf = new CsrfProtectionMiddleware($options);
$middlewareQueue
->add(new ErrorHandlerMiddleware(null, Configure::read('Error')))
->add(new AssetMiddleware([
'cacheTime' => Configure::read('Asset.cacheTime'),
]))
->add(new RoutingMiddleware($this))
->add($csrf);
return $middlewareQueue;
}
以下是我的看法。
<form action="<?= Router::url(['controller' => 'Users', 'action' => 'registration']) ?>" method="POST">
<input type="hidden" name="_csrfToken" value="<?= $this->request->getParam('_csrfToken'); ?>" />
</form>
不过,当我提交表格时它说
尝试使用 CakePHP Form Helper
制作表格<?= $this->Form->create($users, ['url' => ['controller' => 'Users', 'action' => 'registration']]) ?>
....
<?= $this->Form->end() ?>