我有一个支付系统,其中数据被提交到第三方网站,然后拖回...
当数据返回时,它会命中特定的url,让我们说/ok route。.$_REQUEST['transaction']
但是由于laravel中间件,我得到了令牌不匹配。第三方支付API无法生成令牌,那么我如何禁用它?只为这条路线?
还是有更好的选择?
Route::get('/payment/ok', 'TransactionsController@Ok');
Route::get('/payment/fail', 'TransactionsController@Fail');
public function Ok( Request $request )
{
$transId = $request->get('trans_id');
if ( isset( $transId ) )
{
return $transId;
}
}
由于版本5.1 Laravel的VerifyCsrfToken中间件允许指定从CSRF验证中排除的路由。为了实现这一点,您需要将路由添加到 App\Http\Middleware\VerifyCsrfToken.php 类中的$except数组:
<?php namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
protected $except = [
'payment/*',
];
}
有关详细信息,请参阅文档。
从Laravel 7.7开始,您可以使用方法例如:withoutMiddleware
Route::get('/payment/ok', 'TransactionsController@Ok')
->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class]);
Route::get('/payment/fail', 'TransactionsController@Fail')
->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class]);
