Requests to /autodiscover/autodiscover.xml causing TokenMismatchException
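I have a Laravel application that gets a reasonable amount of traffic.
To handle exceptions of type TokenMismatchException more gracefully (they tend to be thrown when the session lifetime expires and the user then submits a form), I changed the exception handler's render() method as follows: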
/**
 * Render an exception into an HTTP response.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Exception  $e
 * @return \Illuminate\Http\Response
 */
public function render($request, Exception $e)
{
    if ($e instanceof \Illuminate\Session\TokenMismatchException) {
        return redirect($request->fullUrl())->with('error', "Sorry your session has expired please resubmit your request.");
    }

    return parent::render($request, $e);
}
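This works fine for normal requests: instead of throwing the exception, it sets a session flash message and redirects back to the requested page. However, I have noticed that many of these exceptions are still being thrown for requests to:
/autodiscover/autodiscover.xml
I know the above is related to Exchange, so it is probably not malicious.
What puzzles me is a) why this unrouted URL triggers Laravel's CSRF protection, and b) why my updated handler doesn't catch the exception.
I tried adding a route for this URL and manually throwing a 404, but that didn't help.
How can I prevent these exceptions from being thrown?
Edit - stack trace, as requested: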
[2015-10-26 11:44:38] production.ERROR: exception 'Illuminate\Session\TokenMismatchException' in /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:53
Stack trace:
#0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure))
#1 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#2 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(54): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#3 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#4 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#5 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#6 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))
#7 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#8 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#9 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))
#10 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#11 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#12 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))
#13 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#14 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(42): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#15 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
#16 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(124): call_user_func_array(Array, Array)
#17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#18 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#19 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(122): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#20 /var/www/vhosts/sitedomain.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(87): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
#21 /var/www/vhosts/sitedomain.com/public_html/index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
#22 {main}
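So, the solution was fairly simple. It seems that Laravel's default behaviour is to handle all post (and presumably put and delete...) requests, regardless of whether they are defined in the routes.
Therefore we can add an exception for this in the VerifyCsrfToken middleware's $except array: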
protected $except = [
    'autodiscover/autodiscover.xml',
];
After adding the above, my TokenMismatchException is no longer thrown.
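Added example (not from the original post and not Laravel's source): a simplified PHP model of the behaviour described in the answer, where the CSRF check sits in the global middleware stack and therefore runs before route lookup, and of what the $except entry changes. The function names, the route table and the sample request are assumptions made for the illustration.

```php
<?php
// Simplified model of the request lifecycle (constructed for illustration):
// global middleware wraps the router, so the CSRF check runs before any 404.

class TokenMismatch extends Exception {}

// Same idea as VerifyCsrfToken::$except: paths (with * wildcards) to skip.
function isExcepted(string $path, array $except): bool
{
    foreach ($except as $pattern) {
        $regex = '#^' . str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#')) . '$#';
        if (preg_match($regex, trim($path, '/'))) {
            return true;
        }
    }
    return false;
}

// Global middleware: reads pass, excepted paths pass, anything else needs a matching token.
function verifyCsrf(array $req, array $except, callable $next): string
{
    $isRead = in_array($req['method'], ['GET', 'HEAD', 'OPTIONS'], true);
    $tokenOk = isset($req['token'], $req['session_token']) && hash_equals($req['session_token'], $req['token']);
    if ($isRead || isExcepted($req['path'], $except) || $tokenOk) {
        return $next($req);
    }
    throw new TokenMismatch();
}

// Router: only reached when the middleware calls $next.
function route(array $req): string
{
    $routes = ['GET /' => '200 home', 'POST /contact' => '200 sent'];
    return $routes[$req['method'] . ' ' . $req['path']] ?? '404 not found';
}

function handle(array $req, array $except): string
{
    try {
        return verifyCsrf($req, $except, 'route');
    } catch (TokenMismatch $e) {
        return 'TokenMismatchException';
    }
}

// Constructed sample: an Autodiscover client POSTs with no session and no token.
$probe = ['method' => 'POST', 'path' => '/autodiscover/autodiscover.xml'];
echo handle($probe, []), "\n";
echo handle($probe, ['autodiscover/autodiscover.xml']), "\n";
```

With an empty exception list the probe fails the token check before the router is consulted; with the path listed it falls through to the router's 404. Every path placed in $except loses CSRF protection, so the list should name only endpoints that never act on a user's session.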