我读到使用get请求注销可能会引起csrf攻击,所以我想实现post请求注销。
这是我在web.php中所做的
Route::redirect('/', '/it');
Route::group(['prefix' => '{locale?}'], function () {
Route::get('/','HomeController@index')->name('/');
...
Route::get('/admin/dashboard', 'AdminViewController@index')->name('dashboard')->middleware('auth')
...
Route::get('/contact', 'ContactController@index')->name('contact');
// Route::get('logout', function()
// {
// auth()->logout();
// Session()->flush();
// return Redirect::to('/');
// })->name('logout');
Auth::routes();
});
[我知道人们说要从群组中删除Auth,但对我来说这很好。
这里是我在自动创建的AuthRouteMethods中拥有的内容:
<?php
namespace Laravel\Ui;
use Illuminate\Support\Facades\Route;
class AuthRouteMethods
{
public function auth()
{
return function ($options = []) {
// Authentication Routes...
$this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
$this->post('login', 'Auth\LoginController@login');
$this->post('logout', 'Auth\LoginController@logout')->name('logout');
// Registration Routes...
if ($options['register'] ?? true) {
$this->get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
$this->post('register', 'Auth\RegisterController@register');
}
// Password Reset Routes...
if ($options['reset'] ?? true) {
$this->resetPassword();
}
// Password Confirmation Routes...
if ($options['confirm'] ??
class_exists($this->prependGroupNamespace('Auth\ConfirmPasswordController'))) {
$this->confirmPassword();
}
// Email Verification Routes...
if ($options['verify'] ?? false) {
$this->emailVerification();
}
};
}
public function resetPassword()
{
return function () {
$this->get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
$this->post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
$this->get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
$this->post('password/reset', 'Auth\ResetPasswordController@reset')->name('password.update');
};
}
public function confirmPassword()
{
return function () {
$this->get('password/confirm', 'Auth\ConfirmPasswordController@showConfirmForm')->name('password.confirm');
$this->post('password/confirm', 'Auth\ConfirmPasswordController@confirm');
};
}
public function emailVerification()
{
return function () {
$this->get('email/verify', 'Auth\VerificationController@show')->name('verification.notice');
$this->get('email/verify/{id}/{hash}', 'Auth\VerificationController@verify')->name('verification.verify');
$this->post('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');
};
}
}
并且在UI中,我有此实现:
<li><a href="{{ route('logout', app()->getLocale()) }}" onclick="event.preventDefault(); document.getElementById('loggout-form').submit();">Logout</a>
</ul>
</div>
<form id="loggout-form" {{ route('logout', app()->getLocale()) }} method="POST" style="display:none;">
@csrf
</form>
并且当我拨打电话时,出现此错误:
Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException
**The POST method is not supported for this route. Supported methods: GET, HEAD.**
您应该在web.php中定义退出路由,如下所示它将创建以下路线:
POST | logout | App\Http\Controllers\Auth\LoginController@logout
您将需要使用POST表单注销。这样,您还将需要推荐的CSRF令牌。
<form method="POST" action="{{ route('logout') }}">
@csrf
<button type="submit">Logout</button>
</form>