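javascript – Chrome CORS request sends two cookies with the same name

I am migrating an old Perl application to a newer, Laravel-based PHP version. This requires the Perl application to make XHR requests to the new Laravel application, and I am running into some problems in Chrome with the cookies that are returned.

While we are already logged in to both applications, I am trying to make two requests to the Laravel application: the first requests a CSRF token, and the second makes a POST request using that token.

I have configured CORS to the point where I am sending and receiving cookies, and the initial /token GET call works correctly (it is authenticated based on the cookies sent with the XHR request).

The /token call then returns a Set-Cookie header with the laravel_session cookie (as expected), but my problem is that the following POST request sends two versions of the same cookie, and PHP seems to look only at the incorrect one, and therefore loads the wrong session and tests against the wrong CSRF token.

Below are the details of all 3 requests. As you can see, the final POST is sending two versions of the same cookies, with different values. (Line breaks added in the Cookie header for clarity.)

This only happens in Chrome; in Safari it appears to send the correct cookies and the CSRF token validates correctly. The Chrome version is 45.0.2454.101.

Token request headers: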

GET /token HTTP/1.1
Host: laravel.domain.com
Connection: keep-alive
Accept: */*
Origin: https://perl.domain.com
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Referer: https://perl.domain.com/original/page.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6Im5kSG02TVhsc08wUVZCZkd2WnZQa1E9PSIsInZhbHVlIjoiWFE0MXFBNlZIMnNXVHppXC9hN0dqNlJ2K1psUU9JZlFqTUdZZ3RJVmc0N1ZqV0MrVEczOGVFV0ExcDRDYmQxZDBTbFhGaWFiUkh5TGowOUgxdzVKOCtBPT0iLCJtYWMiOiJhOTYzNDFlZjUyYTdjMWFmMDE1MTFlMjczYTA0NTE2NThlYjVlNTkyOWUyZWNjZWM1MGYxODc4MmVjMTM5YTFhIn0=;
laravel_session=eyJpdiI6ImdSM0VTT25FUzZoY3JOeVwvN2JLWFFnPT0iLCJ2YWx1ZSI6Ilp3WHBFZlNuTnZibVMyMUlvbk1YM1YwdXF5VjRnTW1CNWVjUU1ReXlLZldSeEJxeTJFSmgyN2pyTjAydXlzMzE1TmJseWZrQmRraStDUkFqNTFReUp3PT0iLCJtYWMiOiI5MWMxM2YyNzFjOTY3ZjIxMmVjYmNlZWNlNDAzYjI2MjZkNmJhMzIyM2VlNTAwNGJlNTQ4OTU4OTMxZjJhYjE5In0=;
_ga=GA1.3.1924987937.1443461035;
_dc_gtm_UA-5119192-1=1

Token response headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:https://perl.domain.com
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:40
Content-Type:text/plain; charset=UTF-8
Date:Mon, 28 Sep 2015 17:24:18 GMT
Keep-Alive:timeout=2, max=80
P3P:policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Server:Apache
Set-Cookie:XSRF-TOKEN=eyJpdiI6ImFiT3ZSWWVDUnlKcWMraGFrWnBVY2c9PSIsInZhbHVlIjoiOTVnc05UM3puVGRwTUNUbDl3T1FNTVpWdGxVM29VaHNLSUt0XC9LTkhzMG5iOGlNbmhHXC9KMDBBTW9qRjZFQXZaSmlHTmhKUVpmTGdpXC80K0lkSUhUdnc9PSIsIm1hYyI6IjI5Njc1ZWE2NTRiYTY4NWJhMmE5Y2UwNjBlZDRkOWE4OGQwOWQ5NjE1YjAyNTMwNTFmZDczY2RjNzRiNjExNDIifQ==; expires=Mon, 28-Sep-2015 19:24:23 GMT; Max-Age=7200; path=/
Set-Cookie:laravel_session=eyJpdiI6IjJqbTRyWG1GOEd1c2NIRnd4eE4yMGc9PSIsInZhbHVlIjoiZzk2SFE2emxcL0xGNjI3aGtYd1NmWURUVEduMVZVY2dYeUlRTVo2UTYyU0I2dFljalhxTjJSY3JFMGpvXC9nc2N0N3dJUFZYbGQya3pUNit1eWtrM3JqZz09IiwibWFjIjoiNDBhYzAzZjkwNDA5ZDE4Y2Y5ZjQ1MjdiYTUwYWU2M2Y5NjVjY2I1ZmMxZWFlMzAwZWM4MmVjNWRlYjM2Yjc2ZSJ9; expires=Mon, 28-Sep-2015 19:24:23 GMT; Max-Age=7200; path=/; httponly
Vary:Origin
X-Powered-By:PHP/5.5.9-1ubuntu4.11

Preflight request headers:

OPTIONS /destination/of/post HTTP/1.1
Host: laravel.domain.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: https://perl.domain.com
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: https://perl.domain.com/original/page.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Preflight response headers:

HTTP/1.1 200 OK
Date: Mon, 28 Sep 2015 17:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.5.9-1ubuntu4.11
Allow: POST
Cache-Control: no-cache, private
access-control-allow-credentials: true
access-control-allow-origin: https://www.readytoship.com.au
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: ACCEPT, CONTENT-TYPE
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImVRTGM3Q1I5RUttXC83NlVLNEN3Z3ZRPT0iLCJ2YWx1ZSI6IlE0SVRjVnJHRHhRUXFYYUhZbVwvSEpLSFp2VVZSa0creW5OUzR2aFdXTEI5VWFEMzBCSkNjeHBzR0dycjVuYWxsOVJ4KzdNVWhhR3dMSmhiam8yUDZcL1E9PSIsIm1hYyI6ImRiYzE4ODRlMTAyOTFkMmY0NTI2YjkzMmExMGZjM2EzOTU2ZDc3N2Q1ZGQzYjNhM2EyNDY5YjhjNGIxMjVlMWYifQ==; expires=Mon, 28-Sep-2015 19:24:24 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6InR5M3JjWkltaVdoSldIa3FsWVp2YUE9PSIsInZhbHVlIjoibjFuODdiVXRKQmdvU1hVcTdcL3VQeWF4K243d2h3Z3EwNWtVeTNWZUdBWGFWQ21QQXlid2RFSmNLSklpanVpZUNhZGE5UlU2Q1FqUCtnSVd4UWkwM2ZRPT0iLCJtYWMiOiI1ZjNjOWQyNmZlNGI1MDI5OGQxOGY2ZGI5M2M1MTMwNWRjZGY4MDVjMGViODNjYjg0MmU5ZWQ0MzRjNjYyN2VhIn0=; expires=Mon, 28-Sep-2015 19:24:24 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Encoding: gzip
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Content-Length: 3501
Keep-Alive: timeout=2, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

POST request headers:

POST /destination/of/post HTTP/1.1
Host: laravel.domain.com
Connection: keep-alive
Content-Length: 72
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://perl.domain.com
X-FirePHP-Version: 0.0.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Content-Type: application/json
Referer: https://perl.domain.com/original/page.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: _dc_gtm_UA-5119192-1=1; _ga=GA1.3.2141864485.1441288526;
__zlcmid=WXevTAW8aGLGrO; XSRF-TOKEN=eyJpdiI6ImQ1TFRGaWFwK3cyd3RRa3BzbUNmc0E9PSIsInZhbHVlIjoiNGEydmlLWE96NzZueWtaWWlUa3UzMjZOK29NbmNPb2VidVdVYzdSbkZsaWJMVmxBRitLT05oK3hodUc1ejRMOWJWYzVIeEl6UlpzQ0dIeWlob3pFOFE9PSIsIm1hYyI6IjkzNTczMDJlOWVhZjM5NTU0NGEyNmE5YWNiODcxNDk4YmE0ODEyYTE3ZWExODBiMmNhNDFmMGFhMjVmNjhhYjgifQ==;
laravel_session=eyJpdiI6IkIrc3QzUk1iQnNEKysxOEg2UCtSbmc9PSIsInZhbHVlIjoiYXVDalVhaUpDMms3K3AwZFVLV0EyMDMwK25tVUQyYWw5c1MxTVRkZ0ZvVWpcL2lZUndubitsQ2VVMDF1UFcwNzNsR1doNG9TY2diMEhadHdXMEoxamt3PT0iLCJtYWMiOiI5MjE1NWE0MGNmMDgyYzhlYjBjMDUwY2JhOGYxNThjZTM0MjMwM2E3M2VjZjg1ZTgxMzIxZjE5OTkzZDEzZDhhIn0=;
_ga=GA1.3.1924987937.1443461035;
_dc_gtm_UA-5119192-1=1;
XSRF-TOKEN=eyJpdiI6ImFiT3ZSWWVDUnlKcWMraGFrWnBVY2c9PSIsInZhbHVlIjoiOTVnc05UM3puVGRwTUNUbDl3T1FNTVpWdGxVM29VaHNLSUt0XC9LTkhzMG5iOGlNbmhHXC9KMDBBTW9qRjZFQXZaSmlHTmhKUVpmTGdpXC80K0lkSUhUdnc9PSIsIm1hYyI6IjI5Njc1ZWE2NTRiYTY4NWJhMmE5Y2UwNjBlZDRkOWE4OGQwOWQ5NjE1YjAyNTMwNTFmZDczY2RjNzRiNjExNDIifQ==;
laravel_session=eyJpdiI6IjJqbTRyWG1GOEd1c2NIRnd4eE4yMGc9PSIsInZhbHVlIjoiZzk2SFE2emxcL0xGNjI3aGtYd1NmWURUVEduMVZVY2dYeUlRTVo2UTYyU0I2dFljalhxTjJSY3JFMGpvXC9nc2N0N3dJUFZYbGQya3pUNit1eWtrM3JqZz09IiwibWFjIjoiNDBhYzAzZjkwNDA5ZDE4Y2Y5ZjQ1MjdiYTUwYWU2M2Y5NjVjY2I1ZmMxZWFlMzAwZWM4MmVjNWRlYjM2Yjc2ZSJ9

POST response headers:

HTTP/1.0 302 Found
Date: Mon, 28 Sep 2015 17:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.5.9-1ubuntu4.11
Cache-Control: no-cache
Location: https://laravel.domain.com/auth/login
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Content-Length: 416
Connection: close
Content-Type: text/html

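Solution:

Two cookies with the same name are possible because they are on different paths. When you edit a cookie, you must specify the same path and the same domain as in the token response header.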
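
An added example (not part of the original question or answer): a simplified JavaScript model of RFC 6265 cookie storage, showing that a `Set-Cookie` replaces an existing cookie only when name, domain and path all match, so a mismatch leaves both in the `Cookie` header. The `OLD`/`NEW` values and the `Domain=domain.com` attribute on the earlier cookie are assumptions; the page only shows that the `/token` response sets `path=/` with no `Domain` attribute.

```javascript
// Added example: simplified model of RFC 6265 cookie storage and Cookie-header
// building. Cookie values and the Domain=domain.com attribute are constructed.
let clock = 0;

function setCookie(jar, requestHost, { name, value, domain, path = "/" }) {
  // No Domain attribute => host-only cookie stored under the request host.
  const d = (domain || requestHost).replace(/^\./, "").toLowerCase();
  const key = `${name}|${d}|${path}`; // replacement needs all three to match
  const prev = jar.get(key);
  jar.set(key, { name, value, domain: d, hostOnly: !domain, path,
                 created: prev ? prev.created : ++clock });
}

function domainMatch(host, c) {
  return host === c.domain || (!c.hostOnly && host.endsWith("." + c.domain));
}

function pathMatch(reqPath, p) {
  return reqPath === p ||
    (reqPath.startsWith(p) && (p.endsWith("/") || reqPath[p.length] === "/"));
}

function cookieHeader(jar, host, reqPath) {
  return [...jar.values()]
    .filter((c) => domainMatch(host, c) && pathMatch(reqPath, c.path))
    // Longer paths first, then older cookies first (RFC 6265 section 5.4).
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Server-side check: names that occur more than once in a Cookie header.
function duplicateNames(header) {
  const counts = new Map();
  for (const pair of header.split(";")) {
    const i = pair.indexOf("=");
    if (i < 1) continue;
    const name = pair.slice(0, i).trim();
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// staleDomain: Domain attribute of the earlier cookie (undefined = host-only).
function demo(staleDomain) {
  const jar = new Map();
  const host = "laravel.domain.com";
  setCookie(jar, host, { name: "laravel_session", value: "OLD", domain: staleDomain });
  setCookie(jar, host, { name: "laravel_session", value: "NEW" }); // as in /token
  return cookieHeader(jar, host, "/destination/of/post");
}
```

`demo("domain.com")` yields both cookies with the older one first, while `demo(undefined)` yields only the new one; running `duplicateNames` over logged `Cookie` headers is a quick way to spot the condition on the server.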

Source: https://www.icode9.com/content-1-291401.html