Question: CSRF_TOKEN #40
Comments
Hey there, which framework are you using on the backend? I know with Ruby on Rails, the CSRF Token is passed in as a header. Check the meta tags of your site for something like:
If it is there, then you can do something like this:
|
I use Laravel...

var uploader = $scope.uploader = $fileUploader.create({
    scope: $scope, // to automatically update the html. Default: $rootScope
    url: '/profile/me/photo',
    headers: {
        'X-CSRF-TOKEN': CSRF_TOKEN
    },
    filters: [
        function (item) { // first user filter
            console.info('filter1');
            return true;
        }
    ]
});

My Backend:

Filter:

Route::filter('auth_&_csrf', function(){
    if ( !Auth::check() ) {
        return Response::json(array('flash' => 'Please log in.'), 401);
    }
    if ( Request::getMethod() == 'POST' )
    {
        if (Session::token() != Input::json('csrf_token')) {
            throw new Illuminate\Session\TokenMismatchException;
        }
    }
});

Route:

Route::post( '/profile/me/photo' , array( 'before' => 'auth_&_csrf', 'uses' => 'ProfileController@upPhoto' ));

Exception thrown: token mismatch... :/ Maybe the header is not 'X-CSRF-TOKEN' in Laravel... I'll check this. |
Mmmm, is it correct? This works:

$token = Request::header('X-CSRF-TOKEN');
if ( Session::token() != $token ) {
    throw new Illuminate\Session\TokenMismatchException;
}

app.controller('UploadPhoto', function($scope, $http, $fileUploader, CSRF_TOKEN)
{
    // create a uploader with options
    var uploader = $scope.uploader = $fileUploader.create({
        scope: $scope, // to automatically update the html. Default: $rootScope
        url: '/profile/me/photo',
        headers: {
            'X-CSRF-TOKEN': CSRF_TOKEN
        },
        filters: [
            function (item) { // first user filter
                console.info('filter1');
                return true;
            }
        ]
    });
    .
    .
    .
    . |
Where are you setting
Is it coming in correctly on the backend? Maybe it is being passed as |
I don't know anything about Laravel - but it looks like it is using something called Some quick googling shows that lots of people have faced the issue of tokens not matching: |
Sorry, I didn't see your second message - I am happy you got it working 😄 |
Jaja! Yes. I have seen the article you say! CSRF_TOKEN is an Angular constant.

angular.module("app").constant("CSRF_TOKEN", '<?php echo csrf_token(); ?>');

Thanks! :) |
What if you are not using a framework or application to render your page? Do you still need to do a CSRF token? And if so, how would you do it? |
CSRF tokens are a good idea, but if you're not using a framework to implement one, you would not need to worry about setting this for requests to your server. |
Hi guys, it's been a bit late. It could be easier to just embed your CSRF token into item.formData along with your file rather than modifying the Laravel side:

item.formData = [
    {
        _token: CSRFTOKEN
    }
];

Laravel sees the input of '_token' as the default CSRF token place. Cheers. |
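An added example, not part of the thread and not code from angular-file-upload or Laravel: a framework-agnostic JavaScript model of the server-side check discussed above. It shows why a filter that reads only a JSON body field rejects an upload whose token travels in the X-CSRF-TOKEN header, and accepts the token from either that header or a _token form field. The request objects, SESSION_TOKEN and all function names are constructed for illustration.

```javascript
// Added example: models the server-side check; not Laravel or library code.

// Compare without an early exit so timing does not reveal a matching prefix.
// (In Node.js, crypto.timingSafeEqual is the library routine for this.)
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  if (expected === '') return false; // a session without a token never passes
  let diff = expected.length ^ supplied.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ supplied.charCodeAt(i); // NaN acts as 0
  }
  return diff === 0;
}

// Look where the clients in the thread put the token: the X-CSRF-TOKEN
// header, or a _token field sent through item.formData.
function findCsrfToken(req) {
  for (const [name, value] of Object.entries(req.headers || {})) {
    // Header names are case-insensitive.
    if (name.toLowerCase() === 'x-csrf-token' && value) return value;
  }
  return (req.form || {})._token || null;
}

// The thread's filter checks POST only; here every non-safe method is checked.
function checkCsrf(req, sessionToken) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return true;
  return tokensMatch(sessionToken, findCsrfToken(req));
}

// Model of the first filter in the thread: it reads only a JSON body field,
// so a token sent in a header or a multipart form field is never seen.
function checkCsrfJsonOnly(req, sessionToken) {
  return tokensMatch(sessionToken, (req.json || {}).csrf_token);
}

// Constructed sample requests (already parsed; no real session involved).
const SESSION_TOKEN = 'constructed-session-token-0123456789';
const headerUpload = { method: 'POST', headers: { 'X-CSRF-TOKEN': SESSION_TOKEN }, form: {} };
const formUpload = { method: 'POST', headers: {}, form: { _token: SESSION_TOKEN } };
const forgedUpload = { method: 'POST', headers: {}, form: { _token: 'guessed' } };

console.log('json-only filter, header upload:', checkCsrfJsonOnly(headerUpload, SESSION_TOKEN));
console.log('header upload:', checkCsrf(headerUpload, SESSION_TOKEN));
console.log('formData upload:', checkCsrf(formUpload, SESSION_TOKEN));
console.log('forged upload:', checkCsrf(forgedUpload, SESSION_TOKEN));
```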
Thanks! This solution helped me. For those searching for a Django snippet:

var Ctrl = function ($scope, $cookies, $fileUploader)
{
    var uploader = $scope.uploader = $fileUploader.create({
        // ...
        headers : {
            'X-CSRFTOKEN' : $cookies['csrftoken']
        }
    });
    // ...
} |
How can I use this in multiple in same page? |
For me it works in IE 10 and above and Chrome... but does not work in IE9. In the request I do not see the token passed.....

var uploader = that.scope.uploader = new that.FileUploader({

Any help? |
Hi!
How to embed a CSRF TOKEN in form data?
Not work...
Help?