|
我正在使用基于Laravel的較新的PHP版本遷移舊的perl應(yīng)用程序.這需要perl應(yīng)用程序向新的Laravel應(yīng)用程序發(fā)出XHR請(qǐng)求,并且我在Chrome中遇到了一些問題,并且返回了Cookie.
當(dāng)我們已經(jīng)登錄到這兩個(gè)應(yīng)用程序時(shí),我正在嘗試向Laravel應(yīng)用程序發(fā)出兩個(gè)請(qǐng)求:第一個(gè)請(qǐng)求CSRF令牌,第二個(gè)使用該令牌發(fā)出POST請(qǐng)求.
我已經(jīng)將CORS配置為我正在發(fā)送和接收cookie的點(diǎn),并且初始/令牌GET調(diào)用正常工作(根據(jù)XHR請(qǐng)求發(fā)送的cookie進(jìn)行身份驗(yàn)證)
/ token調(diào)用然后返回一個(gè)帶有l(wèi)aravel_session cookie的Set-Cookie標(biāo)頭(如預(yù)期的那樣),但我的問題是以下POST請(qǐng)求發(fā)送了同一個(gè)cookie的兩個(gè)版本,PHP似乎只是查看不正確的一個(gè)和因此加載錯(cuò)誤的會(huì)話并針對(duì)錯(cuò)誤的CSRF令牌進(jìn)行測(cè)試.
以下是所有3個(gè)請(qǐng)求的詳細(xì)信息 – 正如您所看到的,最終的POST是發(fā)送兩個(gè)版本的相同cookie,具有不同的值. (為清晰起見,在Cookie標(biāo)頭中添加了換行符)
這只發(fā)生在Chrome中,在Safari中,它似乎發(fā)送了正確的Cookie并且CSRF令牌已正確驗(yàn)證. Chrome版本為45.0.2454.101.
令牌請(qǐng)求標(biāo)頭:
GET /token HTTP/1.1
Host: laravel.
Connection: keep-alive
Accept: */ *
Origin: https://perl.
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Referer: https://perl./original/page.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6Im5kSG02TVhsc08wUVZCZkd2WnZQa1E9PSIsInZhbHVlIjoiWFE0MXFBNlZIMnNXVHppXC9hN0dqNlJ2K1psUU9JZlFqTUdZZ3RJVmc0N1ZqV0MrVEczOGVFV0ExcDRDYmQxZDBTbFhGaWFiUkh5TGowOUgxdzVKOCtBPT0iLCJtYWMiOiJhOTYzNDFlZjUyYTdjMWFmMDE1MTFlMjczYTA0NTE2NThlYjVlNTkyOWUyZWNjZWM1MGYxODc4MmVjMTM5YTFhIn0=;
laravel_session=eyJpdiI6ImdSM0VTT25FUzZoY3JOeVwvN2JLWFFnPT0iLCJ2YWx1ZSI6Ilp3WHBFZlNuTnZibVMyMUlvbk1YM1YwdXF5VjRnTW1CNWVjUU1ReXlLZldSeEJxeTJFSmgyN2pyTjAydXlzMzE1TmJseWZrQmRraStDUkFqNTFReUp3PT0iLCJtYWMiOiI5MWMxM2YyNzFjOTY3ZjIxMmVjYmNlZWNlNDAzYjI2MjZkNmJhMzIyM2VlNTAwNGJlNTQ4OTU4OTMxZjJhYjE5In0=;
_ga=GA1.3.1924987937.1443461035;
_dc_gtm_UA-5119192-1=1
令牌響應(yīng)標(biāo)頭:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://perl.
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:40
Content-Type:text/plain; charset=UTF-8
Date:Mon, 28 Sep 2015 17:24:18 GMT
Keep-Alive:timeout=2, max=80
P3P:policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Server:Apache
Set-Cookie:XSRF-TOKEN=eyJpdiI6ImFiT3ZSWWVDUnlKcWMraGFrWnBVY2c9PSIsInZhbHVlIjoiOTVnc05UM3puVGRwTUNUbDl3T1FNTVpWdGxVM29VaHNLSUt0XC9LTkhzMG5iOGlNbmhHXC9KMDBBTW9qRjZFQXZaSmlHTmhKUVpmTGdpXC80K0lkSUhUdnc9PSIsIm1hYyI6IjI5Njc1ZWE2NTRiYTY4NWJhMmE5Y2UwNjBlZDRkOWE4OGQwOWQ5NjE1YjAyNTMwNTFmZDczY2RjNzRiNjExNDIifQ==; expires=Mon, 28-Sep-2015 19:24:23 GMT; Max-Age=7200; path=/
Set-Cookie:laravel_session=eyJpdiI6IjJqbTRyWG1GOEd1c2NIRnd4eE4yMGc9PSIsInZhbHVlIjoiZzk2SFE2emxcL0xGNjI3aGtYd1NmWURUVEduMVZVY2dYeUlRTVo2UTYyU0I2dFljalhxTjJSY3JFMGpvXC9nc2N0N3dJUFZYbGQya3pUNit1eWtrM3JqZz09IiwibWFjIjoiNDBhYzAzZjkwNDA5ZDE4Y2Y5ZjQ1MjdiYTUwYWU2M2Y5NjVjY2I1ZmMxZWFlMzAwZWM4MmVjNWRlYjM2Yjc2ZSJ9; expires=Mon, 28-Sep-2015 19:24:23 GMT; Max-Age=7200; path=/; httponly
Vary:Origin
X-Powered-By:PHP/5.5.9-1ubuntu4.11
預(yù)檢請(qǐng)求標(biāo)題:
OPTIONS /destination/of/post HTTP/1.1
Host: laravel.
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: https://perl.
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: https://perl./original/page.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
預(yù)檢響應(yīng)標(biāo)題:
HTTP/1.1 200 OK
Date: Mon, 28 Sep 2015 17:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.5.9-1ubuntu4.11
Allow: POST
Cache-Control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://www.
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: ACCEPT, CONTENT-TYPE
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImVRTGM3Q1I5RUttXC83NlVLNEN3Z3ZRPT0iLCJ2YWx1ZSI6IlE0SVRjVnJHRHhRUXFYYUhZbVwvSEpLSFp2VVZSa0creW5OUzR2aFdXTEI5VWFEMzBCSkNjeHBzR0dycjVuYWxsOVJ4KzdNVWhhR3dMSmhiam8yUDZcL1E9PSIsIm1hYyI6ImRiYzE4ODRlMTAyOTFkMmY0NTI2YjkzMmExMGZjM2EzOTU2ZDc3N2Q1ZGQzYjNhM2EyNDY5YjhjNGIxMjVlMWYifQ==; expires=Mon, 28-Sep-2015 19:24:24 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6InR5M3JjWkltaVdoSldIa3FsWVp2YUE9PSIsInZhbHVlIjoibjFuODdiVXRKQmdvU1hVcTdcL3VQeWF4K243d2h3Z3EwNWtVeTNWZUdBWGFWQ21QQXlid2RFSmNLSklpanVpZUNhZGE5UlU2Q1FqUCtnSVd4UWkwM2ZRPT0iLCJtYWMiOiI1ZjNjOWQyNmZlNGI1MDI5OGQxOGY2ZGI5M2M1MTMwNWRjZGY4MDVjMGViODNjYjg0MmU5ZWQ0MzRjNjYyN2VhIn0=; expires=Mon, 28-Sep-2015 19:24:24 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Encoding: gzip
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Content-Length: 3501
Keep-Alive: timeout=2, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST請(qǐng)求標(biāo)題:
POST /destination/of/post HTTP/1.1
Host: laravel.
Connection: keep-alive
Content-Length: 72
Accept: application/json, text/javascript, */ *; q=0.01
Origin: https://perl.
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Content-Type: application/json
Referer: https://perl./original/page.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: _dc_gtm_UA-5119192-1=1; _ga=GA1.3.2141864485.1441288526;
__zlcmid=WXevTAW8aGLGrO;
XSRF-TOKEN=eyJpdiI6ImQ1TFRGaWFwK3cyd3RRa3BzbUNmc0E9PSIsInZhbHVlIjoiNGEydmlLWE96NzZueWtaWWlUa3UzMjZOK29NbmNPb2VidVdVYzdSbkZsaWJMVmxBRitLT05oK3hodUc1ejRMOWJWYzVIeEl6UlpzQ0dIeWlob3pFOFE9PSIsIm1hYyI6IjkzNTczMDJlOWVhZjM5NTU0NGEyNmE5YWNiODcxNDk4YmE0ODEyYTE3ZWExODBiMmNhNDFmMGFhMjVmNjhhYjgifQ==;
laravel_session=eyJpdiI6IkIrc3QzUk1iQnNEKysxOEg2UCtSbmc9PSIsInZhbHVlIjoiYXVDalVhaUpDMms3K3AwZFVLV0EyMDMwK25tVUQyYWw5c1MxTVRkZ0ZvVWpcL2lZUndubitsQ2VVMDF1UFcwNzNsR1doNG9TY2diMEhadHdXMEoxamt3PT0iLCJtYWMiOiI5MjE1NWE0MGNmMDgyYzhlYjBjMDUwY2JhOGYxNThjZTM0MjMwM2E3M2VjZjg1ZTgxMzIxZjE5OTkzZDEzZDhhIn0=;
_ga=GA1.3.1924987937.1443461035;
_dc_gtm_UA-5119192-1=1;
XSRF-TOKEN=eyJpdiI6ImFiT3ZSWWVDUnlKcWMraGFrWnBVY2c9PSIsInZhbHVlIjoiOTVnc05UM3puVGRwTUNUbDl3T1FNTVpWdGxVM29VaHNLSUt0XC9LTkhzMG5iOGlNbmhHXC9KMDBBTW9qRjZFQXZaSmlHTmhKUVpmTGdpXC80K0lkSUhUdnc9PSIsIm1hYyI6IjI5Njc1ZWE2NTRiYTY4NWJhMmE5Y2UwNjBlZDRkOWE4OGQwOWQ5NjE1YjAyNTMwNTFmZDczY2RjNzRiNjExNDIifQ==;
laravel_session=eyJpdiI6IjJqbTRyWG1GOEd1c2NIRnd4eE4yMGc9PSIsInZhbHVlIjoiZzk2SFE2emxcL0xGNjI3aGtYd1NmWURUVEduMVZVY2dYeUlRTVo2UTYyU0I2dFljalhxTjJSY3JFMGpvXC9nc2N0N3dJUFZYbGQya3pUNit1eWtrM3JqZz09IiwibWFjIjoiNDBhYzAzZjkwNDA5ZDE4Y2Y5ZjQ1MjdiYTUwYWU2M2Y5NjVjY2I1ZmMxZWFlMzAwZWM4MmVjNWRlYjM2Yjc2ZSJ9
POST響應(yīng)標(biāo)頭
HTTP/1.0 302 Found
Date: Mon, 28 Sep 2015 17:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.5.9-1ubuntu4.11
Cache-Control: no-cache
Location: https://laravel./auth/login
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Content-Length: 416
Connection: close
Content-Type: text/html
解決方法: 同名的兩個(gè)cookie可能因?yàn)樗鼈兾挥诓煌穆窂?當(dāng)您編輯cookie時(shí),您必須指定與令牌響應(yīng)頭中相同的路徑和相同的域. 來源:https://www./content-1-291401.html
|
