I am trying to use this package, which does everything I want. So indeed everything seems to work except for when I upload my image.
It's not going to UtilsController@uploadfile function at all.
Route::post('/uploadfile', 'UtilsController@uploadfile');
public function uploadfile(Request $request){
    $img = $request->img;
    $newlocation = $request->newlocation;
    $filename = $request->filename;
    return file_put_contents($newlocation . "/" . $filename, $img);
}
But when I inspect the network, everything seems to be OK...
And I get this error: 419 unknown status
Any idea?
Sometimes there may be situations in which we want routes to exist without requiring the CSRF_TOKEN. We can simply add those URIs or routes to the VerifyCsrfToken middleware's except array like this:
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'stripe/*',
        'http://example.com/foo/bar',
        'http://example.com/foo/*',
    ];
}
I have created a middleware, the middleware name is expireDateCheck
This middleware class I have kept to Kernel.php and I've added to this class protected $routeMiddleware.
Inside Kernel.php code is:
protected $routeMiddleware = [ 'expireDateCheck' => \App\Http\Middleware\expireDateCheck::class, ]
Then I've given a condition inside the middleware expireDateCheck.php for redirecting to the dashboard. This condition is working fine, but the main problem is that it's redirecting to the dashboard two times, which means that after showing the dashboard it shows the dashboard page again; it seems like the dashboard page is loading multiple times.
How can I fix this problem?
Inside middleware expireDateCheck.php code is:
<?php
namespace App\Http\Middleware;
use Closure;
use App\User;
use App\Client;
use Auth;
use Redirect;
class expireDateCheck
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::check() && Auth::user()) {
            $currentDate = date('Y-m-d H:i:s');
            $userExpireDate = Client::where('expire_date', '<', $currentDate)->first();
            if ($userExpireDate) {
                return Redirect::to('dashboard');
            }
        }
        // Pass the request on whenever no redirect applies, so guests do not get an empty response.
        return $next($request);
    }
}
Here are my routes: @Nikolay
Route::group(['middleware' => 'expireDateCheck'], function () {
    -------------------------------
    -------------------------------
});
Route::get('dashboard', 'DashboardController@index')->middleware('admin');
The middleware is run on all URLs, therefore also on the request when loading the dashboard. You can remove the middleware when defining the routes; this will avoid it loading twice, and since the logic is to return them to the dashboard, it does not make sense to run it on the dashboard.
Route::get('dashboard', 'DashboardController@index')->withoutMiddleware(['expireDateCheck']);
Or by grouping multiple.
Route::group([
    'excluded_middleware' => ['expireDateCheck'],
], function () {});
I'm trying to exclude all requests on an endpoint which I call test.com/code so I do like this in the VerifyCsrfToken.php file.
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'code',
        'code/*'
    ];
}
But it does not solve the issue, even after I try running "php artisan route:clear && php artisan config:clear". Does anyone know why I can't exclude specific routes? (Laravel 5.8)
My route is something like this:
Route::get('code/testing', 'CodeController@testing');
I have tried this and it didn't work either.
protected $except = [
    'https://test.com/code/*',
];
Till now, the only way I have figured out is to remove the line "\App\Http\Middleware\VerifyCsrfToken::class," from app/Http/Kernel.php to disable the CSRF feature, which is not a good solution.
Use / (slash) at the beginning:
protected $except = [
    '/code/*'
];
You can try '/code/*'. It works for me with a slash / in the front of the url.
I have a Laravel 5.5 app I am working on and it has an existing route which serves up HTML ready to be rendered to PDF:
Route::get('wkhtml/read/{documentId}/{pageId?}', $namespace . 'WkhtmlController@getRead')
    ->name('wkhtml.read')
    ->middleware('wkhtml');
This all works fine and when you navigate to the page, it shows the page ready to be rendered.
I want to make a differentiation between the pages shown here and pages which are going to be downloaded, so I added this route:
Route::get('wkhtml/download/{documentId}/{pageId?}', $namespace . 'WkhtmlController@getDownload')
    ->name('wkhtml.download')
    ->middleware('wkhtml');
If I navigate to the url eg app.localhost/wkhtml/download/123, instead of showing the pages, the user is being redirected to the login page. Nothing else has changed, so it is a bit confusing.
The WKHTMLFilter looks like this:
<?php
namespace App\Http\Middleware;
use Closure;
use App\Services\Document\Author;
use Illuminate\Http\Request;
class WKHTMLFilter
{
    /**
     * Handle an incoming request to one of the wkhtml routes
     *
     * @param Request $request
     * @param Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // If it's coming from the wkhtml
        if (!Author::isWkhtml($request)) {
            return response()->make('Not wkhtml, not allowed here', 403);
        }
        return $next($request);
    }
}
The app/Http/Kernel.php has this:
protected $routeMiddleware = [
    ...
    'wkhtml' => \App\Http\Middleware\WKHTMLFilter::class,
];
The request doesn't appear to be hitting App\Services\Document\Author@isWkhtml, as I placed a die-dump there:
public static function isWkhtml(Request $request)
{
    dd('here');
At the moment though, the request is not even hitting this filter.
How can I get the request to use the filter/middleware, if not like above?
Thanks in advance.
So it turns out in Laravel there are exposed routes in the AuthenticatedSession middleware, I just needed to add my new route:
protected $publicRoutes = [
    'wkhtml.read', // existing route
    'wkhtml.download', // new route
    ...
];
I wrote some PHP functions in the public directory because I have to use an external library.
Then I can't retrieve any session data or authentication data from the controller. I have tested with the PHP script below:
session_start();
var_dump($_SESSION['user']);
I have already set the initial session data in AdminMiddleware.
It is awesome for using it in the Resource->view directories, but it cannot be used in public.
namespace App\Http\Middleware;
use App\User;
use Closure;
use Illuminate\Support\Facades\Auth;
class AdminMiddleware
{
    /**
     * Handle an incoming request. User must be logged in to do admin check
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = User::find(\Auth::user()->id);
        if ((int) $user->is_admin == (int) config('auth.guards.is_admin')) {
            $collection = collect(Auth::user());
            $thisdata = $collection->toArray();
            $request->session()->put('user', $thisdata);
            return $next($request);
        }
        return redirect()->guest('/');
    }
}
Ok, the simplest way that I can see to get this to work with Laravel is:
(If you haven't done so already) Copy
public/gallery/scripts/filemanager.config.default.json
to
public/gallery/scripts/filemanager.config.json
Then set "fileConnector" (line 25) to "/authenticate-filemanager", e.g.
"fileConnector": "/authenticate-filemanager",
This will tell your Filemanager application to load through the route /authenticate-filemanager.
Next, go to public/gallery/connectors/php/application/FmApplication.php and at the bottom change if(!auth()) to if(!auth()->check()). This will tell the application to use the built-in auth in Laravel.
Then you will need to set up the actual route (this is essentially the contents of filemanager.php without the auth() function):
Route::match(['GET', 'POST'], 'authenticate-filemanager', function () {
    require_once(public_path('gallery/connectors/php/application/Fm.php'));
    require_once(public_path('gallery/connectors/php/application/FmHelper.php'));
    $config = [];
    $fm = Fm::app()->getInstance($config);
    $fm->handleRequest();
});
Because both GET and POST calls are made to the same endpoint, match is used. Make sure you don't put this route behind the auth middleware.
Lastly, you just need to go to app/Http/Middleware/VerifyCsrfToken.php and add 'authenticate-filemanager' to the $except array to disable CSRF for the route.
Hope this helps!
Update for RichFilemanager ver. 2.7.6 and Laravel 5.6
I use RichFilemanager in an HTML text editor in the admin panel, so I check that the admin user is logged in.
In public/../RichFilemanager/config/filemanager.config.json:
"connectorUrl": "/admin/authenticate-filemanager",
In route/web.php:
Route::match(['GET', 'POST'], '/admin/authenticate-filemanager', function () {
    // Here check whether the admin or user is authenticated. Can use: auth()->check()
    $isAuth = \App\Libraries\Admin\AdminBLL::isAuth();
    if (!$isAuth) {
        return 'Not authenticated';
    }
    return require_once(public_path('assets/plugins/RichFilemanager/connectors/php/filemanager.php'));
});
As was written before by Ross Wilson: Lastly, you just need to go to app/Http/Middleware/VerifyCsrfToken.php and add 'admin/authenticate-filemanager' to the $except array to disable CSRF for the route.
Last one: set up the files folder location in public/../RichFilemanager/connectors/php/filemanager.php
$local->setRoot('userfiles/filemanager', true, true);
I want to call my functions from the Android side.
Now, I want to send POST values from the Android side.
How can I disable the CSRF token for some functions?
Because without it I got an error message.
Like this:
Route::post('mobile/android/getlastnews', 'NewsController@getLastNews');
For Laravel 5.2, inside app/Http/Middleware/VerifyCsrfToken.php you just need to add it to the $except array.
class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'mobile/android/getlastnews'
    ];
}
If you wanted to allow all routes for mobile/ you can do the following
protected $except = [
    'mobile/*'
];
Open app/Http/Middleware/VerifyCsrfToken.php and in the protected $except = []; array add your URL that you want to be skipped for CSRF validation.
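An added example, not part of any of the posts above and not Laravel's own source: a simplified model of how $except entries are matched, used to list which state-changing routes a set of entries such as 'mobile/*' leaves without CSRF verification. It assumes that slashes are trimmed from each entry, that * matches any run of characters, and that GET, HEAD and OPTIONS requests are never verified; the route table is constructed, and the routes marked hypothetical do not appear in the posts.

```php
<?php
// Simplified model of $except matching (assumed behaviour, see lead-in).
function exceptMatches(string $pattern, string $path): bool
{
    if ($pattern !== '/') {
        $pattern = trim($pattern, '/');   // 'code/*' and '/code/*' become the same pattern
    }
    $path = trim($path, '/');
    if ($path === '') {
        $path = '/';
    }
    // Escape the pattern, then turn the escaped "*" back into a wildcard.
    $regex = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

// Return the state-changing routes that an $except list exempts from CSRF checks.
function exemptedRoutes(array $except, array $routes): array
{
    $readOnly = ['GET', 'HEAD', 'OPTIONS'];
    $hits = [];
    foreach ($routes as [$method, $uri]) {
        if (in_array($method, $readOnly, true)) {
            continue; // read-only requests are not verified, so an entry changes nothing
        }
        foreach ($except as $pattern) {
            if (exceptMatches($pattern, $uri)) {
                $hits[] = "$method $uri (matched by '$pattern')";
                break;
            }
        }
    }
    return $hits;
}

// Constructed sample data: $except entries quoted in the posts, plus a route table.
$except = ['mobile/*', '/code/*', 'authenticate-filemanager'];
$routes = [
    ['POST', 'mobile/android/getlastnews'],
    ['POST', 'mobile/android/deleteaccount'], // hypothetical route
    ['GET',  'code/testing'],
    ['POST', 'code'],                         // hypothetical route; 'code/*' needs a segment after the slash
    ['POST', 'authenticate-filemanager'],
    ['POST', 'uploadfile'],
];

foreach (exemptedRoutes($except, $routes) as $line) {
    echo $line, PHP_EOL;
}
```

Running the same check against an application's real route list before adding a wildcard entry shows every POST, PUT, PATCH or DELETE endpoint that the entry would expose to cross-site requests, so the list can be narrowed to the exact URIs that need it.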