CakePHP: CMS tutorial: getting InvalidCsrfTokenException although CSRF protection is not even activated

Question (votes: 0, answers: 1)

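I set up CakePHP 4.0.6 on Lubuntu, using the local Apache server. The installation went smoothly and I can see the welcome page.

Then I started the CMS tutorial, created the tables in the database, and then baked everything with ./cake bake all --everything, which also worked fine; I can see the /users/index page.

Next, I tried to use the CMS by adding a user. The form was displayed and I filled in the required information, but after submitting I got this error: Missing CSRF token body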

Stacktrace:

[Cake\Http\Exception\InvalidCsrfTokenException] Missing CSRF token body in /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php on line 254
Stack Trace:
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:133
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:162
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:119
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/debug_kit/src/Middleware/DebugKitMiddleware.php:60
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Server.php:90
- /home/david/Software/cakePhpTest/webroot/index.php:40
Request URL: /users/add
Referer URL: http://localhost:8765/users/add
Client IP: 127.0.0.1

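What really confuses me is that, according to the CakePHP Documentation, Cross Site Request Forgery protection has to be enabled in src/Application.php, which it is not in a freshly installed project. I checked.

So how can something that is not enabled cause an error?

To see what happens if I enable it, I copied the code from the documentation: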

use Cake\Http\Middleware\CsrfProtectionMiddleware;

...

$options = [
// ...
];
$csrf = new CsrfProtectionMiddleware($options);

into src/Application.php. This led to the same error.

cakephp csrf cakephp-4.x
1 answer
0
votes

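In the default application skeleton, the CSRF middleware is registered in the routing scope, similar to what is shown in the second example of the documentation you linked.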

$routes->scope('/', function (RouteBuilder $builder) {
    // Register scoped middleware for in scopes.
    $builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([
        'httpOnly' => true,
    ]));

    /*
     * Apply a middleware to the current route scope.
     * Requires middleware to be registered through `Application::routes()` with `registerMiddleware()`
     */
    $builder->applyMiddleware('csrf');

    // ...
});

https://github.com/cakephp/app/blob/4.0.3/config/routes.php#L49-L58

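See your config/routes.php file and configure/remove the middleware as needed.

If you want to use the CSRF middleware, make sure to delete the cookies for that domain; the CSRF token cookie was changed and is currently incompatible with existing CSRF token cookies, see [C0 ]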
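
An added diagnostic sketch (not from the original answer or from CakePHP) for the situation above: it lists every uncommented place where CsrfProtectionMiddleware is instantiated or scoped middleware is applied, so that both src/Application.php and config/routes.php get checked. The function names and the sample file contents are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example: stripComments() and findCsrfWiring() are hypothetical helpers,
// not part of CakePHP.

/** Blank out comments (keeping line breaks) so commented-out code is ignored. */
function stripComments(string $php): string
{
    $out = '';
    foreach (token_get_all($php) as $tok) {
        if (is_array($tok) && in_array($tok[0], [T_COMMENT, T_DOC_COMMENT], true)) {
            $out .= str_repeat("\n", substr_count($tok[1], "\n"));
            continue;
        }
        $out .= is_array($tok) ? $tok[1] : $tok;
    }
    return $out;
}

/** @param array<string,string> $files map of path => PHP source */
function findCsrfWiring(array $files): array
{
    $hits = [];
    foreach ($files as $path => $php) {
        foreach (explode("\n", stripComments($php)) as $i => $line) {
            if (preg_match('/new\s+[\w\\\\]*CsrfProtectionMiddleware\b/', $line)) {
                $hits[] = sprintf('%s:%d instantiates CsrfProtectionMiddleware', $path, $i + 1);
            }
            if (preg_match('/->applyMiddleware\(\s*([^)]+?)\s*\)/', $line, $m)) {
                $hits[] = sprintf('%s:%d applies scoped middleware %s', $path, $i + 1, $m[1]);
            }
        }
    }
    return $hits;
}

// Constructed sample sources; for a real app pass file_get_contents() of each file.
$applicationPhp = "<?php\n// \$csrf = new CsrfProtectionMiddleware(\$options);\n";
$routesPhp = <<<'PHP'
<?php
$routes->scope('/', function (RouteBuilder $builder) {
    $builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([
        'httpOnly' => true,
    ]));
    $builder->applyMiddleware('csrf');
});
PHP;
$files = ['src/Application.php' => $applicationPhp, 'config/routes.php' => $routesPhp];
echo implode("\n", findCsrfWiring($files)), "\n";
```

With the constructed input, only config/routes.php is reported; the commented-out line in src/Application.php is skipped.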
