Thursday, 30 March 2017

TokenMismatchException on some AJAX calls

When I send many fast async AJAX requests (because I have a filter for a DataTable) to one of my controllers, sometimes I get a TokenMismatchException.

I rewrote the tokensMatch method of the VerifyCsrfToken middleware to check what's happening, but I can't figure it out.

protected function tokensMatch($request) {

    $sessionToken = $request->session()->token();

    $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');

    if (!$token && $header = $request->header('X-XSRF-TOKEN')) {
        $token = $this->encrypter->decrypt($header);
    }

    if (!is_string($sessionToken) || !is_string($token)) {
        return false;
    }

    $areEquals = hash_equals($sessionToken, $token);

    if (!$areEquals) {
        // Sometimes $sessionToken and $token are not equal.
        // $sessionToken has a different value than the current anti-CSRF token.
        dd($sessionToken." - ".$token);
    }

    return $areEquals;
}

The problem I see is that $sessionToken is different from $token (the token I sent in the X-CSRF-Token header).

I set this request header as follows:

$.ajaxSetup({
    beforeSend: function (xhr, settings) {
        // Only for my domain (I have commented this line out, but it is not the cause of the issue).
        if (settings.url.indexOf(document.domain) >= 0) {
            // The #X-CSRF-TOKEN is updated every five minutes.
            // But that is not the cause of the issue either,
            // because sometimes it works, sometimes it does not (I do not understand the reason), and then it works again (without changing the token)...
            xhr.setRequestHeader("X-CSRF-Token", $("#X-CSRF-TOKEN").val());
        }
    }
});

By the way, I moved all the web middleware to $middleware from $middlewareGroup... But I think this is not the cause of the issue, because it also happened before I moved those middlewares...

Any idea what may be happening?


My Laravel version is 5.2.45



via Chebli Mohamed
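
An added example, not part of the original post: the `settings.url.indexOf(document.domain) >= 0` test in the snippet above is true for any URL that merely contains the domain string, so the CSRF header can end up on requests to other hosts. The code below compares that check with a strict origin comparison; the function names and all sample URLs are constructed for illustration.

```javascript
// Added example. PAGE stands in for window.location.href; all URLs are constructed samples.

// The check from the post: true whenever the domain appears anywhere in the URL.
function substringCheck(requestUrl, domain) {
    return requestUrl.indexOf(domain) >= 0;
}

// Resolve the request URL against the page URL, then compare scheme + host + port.
function isSameOrigin(requestUrl, pageUrl) {
    let target;
    try {
        target = new URL(requestUrl, pageUrl); // handles relative and //host URLs
    } catch (e) {
        return false; // unparsable URL: never attach the token
    }
    // Opaque origins (file:, data:, ...) all serialize to "null"; reject them.
    if (!/^https?:$/.test(target.protocol)) return false;
    return target.origin === new URL(pageUrl).origin;
}

const PAGE = 'https://app.example.test/users';
const SAMPLES = [
    '/users/filter?q=a',                          // relative, same origin
    'https://app.example.test/users/filter',      // absolute, same origin
    'https://app.example.test.cdn.invalid/x',     // domain is a prefix of another host
    'https://cdn.invalid/x?ref=app.example.test', // domain only in the query string
    'https://app.example.test@cdn.invalid/x',     // domain in the userinfo part
    'http://app.example.test/users/filter',       // same host, different scheme
];

// Run both checks over every sample so the differences are visible side by side.
function compareChecks() {
    return SAMPLES.map((url) => ({
        url,
        substring: substringCheck(url, 'app.example.test'),
        strict: isSameOrigin(url, PAGE),
    }));
}

// Wiring into the post's $.ajaxSetup, only when jQuery and a DOM are present.
if (typeof $ !== 'undefined' && typeof window !== 'undefined') {
    $.ajaxSetup({
        beforeSend: function (xhr, settings) {
            if (isSameOrigin(settings.url, window.location.href)) {
                xhr.setRequestHeader('X-CSRF-Token', $('#X-CSRF-TOKEN').val());
            }
        },
    });
}
```

Calling `compareChecks()` shows the substring test rejecting the relative same-origin URL while accepting the four URLs that point at a different origin.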
