Question: CSRF_TOKEN #40
Comments
|
Hey there, Which framework are you using on the backend? I know with Ruby on Rails, the CSRF Token is passed in as a header. Check the meta tags of your site for something like: If it is there, then you can do something like this: |
|
I use Laravel. .. var uploader = $scope.uploader = $fileUploader.create({
scope: $scope, // to automatically update the html. Default: $rootScope
url: '/profile/me/photo',
headers: {
'X-CSRF-TOKEN': CSRF_TOKEN
},
filters: [
function (item) { // first user filter
console.info('filter1');
return true;
}
]
});My Backend: Filter: Route::filter('auth_&_csrf', function(){
if ( !Auth::check() ) {
return Response::json(array('flash' => 'Please log in.'), 401);
}
if ( Request::getMethod() == 'POST' )
{
if (Session::token() != Input::json('csrf_token')) {
throw new Illuminate\Session\TokenMismatchException;
}
}
});Route: Route::post( '/profile/me/photo' , array( 'before' => 'auth_&_csrf', 'uses' => 'ProfileController@upPhoto' ));Exception through tokenmismatch... :/ Maybe, headers not is 'X-CSRF-TOKEN' in Laravel... I check this.. |
|
Mmmm it's correct? this work: $token = Request::header('X-CSRF-TOKEN');
if ( Session::token() != $token ) {
throw new Illuminate\Session\TokenMismatchException;
}app.controller('UploadPhoto', function($scope, $http, $fileUploader, CSRF_TOKEN)
{
// create a uploader with options
var uploader = $scope.uploader = $fileUploader.create({
scope: $scope, // to automatically update the html. Default: $rootScope
url: '/profile/me/photo',
headers: {
'X-CSRF-TOKEN': CSRF_TOKEN
},
filters: [
function (item) { // first user filter
console.info('filter1');
return true;
}
]
});
.
.
.
. |
|
Where are you setting Is it coming in correctly on the backend? Maybe it is being passed as |
|
I don't know anything about Laravel - but it looks like it is using something called Some quick googling shows that lots of people have faced the issue of tokens not matching: |
|
Sorry I didnt see your second message - I am happy you got it working 😄 |
|
Jaja! Yes. I have seen the article you say! CSRF_TOKEN is a constant angular. angular.module("app").constant("CSRF_TOKEN", '<?php echo csrf_token(); ?>');Thanks! :) |
|
What if you are not using a framework or application to render your page? Do you still need to do a CSRF token? And if so, how would you do it? |
|
CSRF tokens are a good idea, but if you're not using a framework to implement one, you would not need to worry about setting this for requests to your server. |
|
Hi guys, it's been bit late. It could be easier to just embed your CSRF token into item.formData along with your file rather than modifying Laravel side: item.formData = [
{
_token: CSRFTOKEN
}
];Laravel sees the input of '_token' as the default csrf token place. cheers. |
Thanks!this solution helped me. to the ones search for Django snippet: var Ctrl = function ($scope, $cookies, $fileUploader)
{
var uploader = $scope.uploader = $fileUploader.create({
// ...
headers : {
'X-CSRFTOKEN' : $cookies['csrftoken']
}
});
// ...
} |
|
How can i use this in multiple in same page ? |
|
For me it works in IE 10 and above and chrome...but does not work in IE9. In request i do not see token passed..... var uploader = that.scope.uploader = new that.FileUploader({ any help? |
Hi!
How to embbed a CSRF TOKEN in form data?
Not work...
Help?
The text was updated successfully, but these errors were encountered: