CSRF token mismatch in Scribe/Laravel

Problem description

I am developing a REST API in Laravel that includes the Sanctum middleware for authentication. I am testing with Postman and everything works fine, especially the login.

[Image: Good login with Postman]

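At the same time, I am trying to produce documentation for my API (this is my final project at university), and for that I am using Scribe (https://scribe.knuckles.wtf/laravel). Scribe has a feature that lets you "try out" the API endpoints.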

[Image: Scribe "Try it out"]

All "GET" endpoints work, but the "POST" login endpoint gives the error "CSRF token mismatch":

{
"message": "CSRF token mismatch.","exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException","file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.PHP","line": 227,"trace": [
    {
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Exceptions\\Handler.PHP","line": 199,"function": "prepareException","class": "Illuminate\\Foundation\\Exceptions\\Handler","type": "->"
    },{
        "file": "C:\\laragon\\www\\dbgep-api\\app\\Exceptions\\Handler.PHP","line": 59,"function": "render",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Pipeline.PHP","line": 51,"class": "App\\Exceptions\\Handler",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.PHP","line": 172,"function": "handleException","class": "Illuminate\\Routing\\Pipeline",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Session\\Middleware\\StartSession.PHP","line": 116,"function": "Illuminate\\Pipeline\\{closure}","class": "Illuminate\\Pipeline\\Pipeline","line": 62,"function": "handleStatefulRequest","class": "Illuminate\\Session\\Middleware\\StartSession","line": 167,"function": "handle",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse.PHP","line": 37,"class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Cookie\\Middleware\\EncryptCookies.PHP","line": 67,"class": "Illuminate\\Cookie\\Middleware\\EncryptCookies",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\sanctum\\src\\Http\\Middleware\\EnsureFrontendRequestsAreStateful.PHP","line": 26,"line": 149,"function": "Laravel\\Sanctum\\Http\\Middleware\\{closure}","class": "Laravel\\Sanctum\\Http\\Middleware\\EnsureFrontendRequestsAreStateful","line": 103,"line": 34,"function": "then",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.PHP","line": 687,"line": 662,"function": "runRouteWithinStack","class": "Illuminate\\Routing\\Router","line": 628,"function": "runRoute","line": 617,"function": "dispatchToRoute",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.PHP","line": 165,"function": "dispatch","line": 128,"function": "Illuminate\\Foundation\\Http\\{closure}","class": "Illuminate\\Foundation\\Http\\Kernel",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.PHP","line": 21,"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize.PHP","line": 27,"class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode.PHP","line": 63,"class": "Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\fruitcake\\laravel-cors\\src\\HandleCors.PHP","line": 52,"class": "Fruitcake\\Cors\\HandleCors",{
        "file": "C:\\laragon\\www\\dbgep-api\\vendor\\fideloper\\proxy\\src\\TrustProxies.PHP","line": 57,"class": "Fideloper\\Proxy\\TrustProxies","line": 140,"line": 109,"function": "sendRequestThroughRouter",{
        "file": "C:\\laragon\\www\\dbgep-api\\public\\index.PHP","line": 55,"type": "->"
    }
]

}

I have already tried changing some Scribe options, without success.

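I noticed that in the Postman tests I have an XSRF cookie, which may be the key to why Postman gives no error (I admit this project is a challenge; I am learning a lot, but there is much I still don't know), but I don't know how to configure Scribe to replicate it.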

[Image: XSRF cookie in Postman]

If anyone can help me I would be very grateful... Sorry for my English.

Solution

In the meantime, I created another "window" in Postman in which I did not have to define any "xsrf" cookie, and the login worked fine.

So the problem lies elsewhere.
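
The stack trace in the question passes through Sanctum's `EnsureFrontendRequestsAreStateful` before the session middleware. The following added example (not part of the original post, and not Sanctum's own code) is a simplified JavaScript model of that decision, showing why a client that sends no Referer or Origin header is not CSRF-checked while a browser page served from a stateful host is. The host names, token values and function names are constructed for illustration.

```javascript
// Simplified model (an assumption, not Sanctum's source code) of how a request
// is classified as "stateful" and therefore sent through the session and
// CSRF middleware that appear in the stack trace.

// Constructed sample configuration: hosts treated as first-party front ends.
const STATEFUL = ['localhost', '127.0.0.1', 'api.example.test'];

// Turn a configured entry (wildcards allowed, e.g. "*.example.test")
// into an anchored regular expression that matches "host/any/path".
function patternToRegex(pattern) {
  const escaped = pattern.trim().replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '/.*$');
}

// True when the Referer (or, failing that, the Origin) header points at a
// stateful host. Header names are expected in lower case.
function fromFrontend(headers, stateful = STATEFUL) {
  const source = headers.referer || headers.origin;
  if (!source) return false; // API clients such as Postman usually send neither
  let host = source.replace(/^https?:\/\//, '');
  if (!host.endsWith('/')) host += '/';
  return stateful.some((p) => patternToRegex(p).test(host));
}

// Outcome of a POST request. sessionToken stands for the CSRF token held in
// the server-side session; cookie encryption is left out of this model.
function classifyPost(headers, sessionToken) {
  if (!fromFrontend(headers)) return 'stateless: CSRF check skipped';
  const sent = headers['x-csrf-token'];
  return sent !== undefined && sent === sessionToken
    ? 'stateful: CSRF check passed'
    : 'stateful: CSRF token mismatch';
}

// Constructed requests: a bare API client, then a browser page on a stateful host.
console.log(classifyPost({}, 'tok-123'));
console.log(classifyPost({ referer: 'http://api.example.test/docs/' }, 'tok-123'));
console.log(classifyPost(
  { origin: 'http://localhost', 'x-csrf-token': 'tok-123' }, 'tok-123'));
```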