📅  最后修改于: 2023-12-03 15:17:12.386000             🧑  作者: Mango
Laravel is a popular PHP web framework that provides developers with a set of tools for building scalable and robust applications. One of the security features of Laravel is the CSRF (Cross-Site Request Forgery) protection. CSRF attacks are a type of malicious attack where an attacker tries to exploit the trust relationship between a user and a web application by forging requests. Laravel provides a built-in mechanism to prevent these types of attacks by adding a CSRF token to every HTML form submitted in the application.
However, this mechanism does not protect AJAX requests sent from JavaScript. In this article, we will learn how to include the CSRF token in an AJAX POST request using JavaScript.
To include the CSRF token in an AJAX POST request, we need to first create a JavaScript variable named csrfToken
that holds the value of the CSRF token. Laravel includes the CSRF token in the meta
tag of the web page. We can access this value using JavaScript as follows:
let csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
This code selects the meta
tag with the name
attribute set to "csrf-token"
, gets its value using the getAttribute
method, and assigns it to the csrfToken
variable.
Next, we need to include this value in the AJAX request headers as follows:
let xhr = new XMLHttpRequest();
xhr.open('POST', '/endpoint', true);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('X-CSRF-TOKEN', csrfToken);
xhr.onreadystatechange = function() {
if (xhr.readyState === 4 && xhr.status === 200) {
// handle response
}
}
xhr.send(JSON.stringify({data}));
In this code snippet, we create a new XMLHttpRequest
object, set its method to POST
and its URL to /endpoint
. We also set the Content-Type
header to application/json
to indicate that we are sending data in JSON format. Finally, we set the X-CSRF-TOKEN
header to the value of the csrfToken
variable that we obtained earlier.
We also set an event listener for the onreadystatechange
event, which is fired every time the state of the request changes. Inside the event listener, we check if the readyState
is equal to 4
and the status
is equal to 200
, which indicates that the request was successful. At this point, we can handle the response using JavaScript.
In this article, we learned how to include the CSRF token in an AJAX POST request using JavaScript in a Laravel application. By doing so, we can protect our application from CSRF attacks even when sending requests from JavaScript.