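XHR2 file upload to a subdomain with Laravel 5.1 / nginx upload module: token mismatch
I am using Laravel 5.1 for domain.com and upload.domain.com, with the same script (copy-pasted, with the site URL changed in the config file).
The session domain is set to .domain.com, and on upload.domain.com I have added all the CORS headers for upload.domain.com. AJAX POSTs work fine, and I am using the database for sessions.
I have the following nginx configuration: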
location /upload {
add_header Access-Control-Expose-Headers Accept-Ranges;
add_header Access-Control-Expose-Headers Content-Encoding;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Expose-Headers Content-Range;
add_header accept_ranges bytes;
upload_state_store /tmp;
upload_resumable on;
add_header Pragma no-cache;
add_header X-Content-Type-Options nosniff;
#add_header Cache-control "no-story, no-cache, must-revalidate";
# Access control for CORS
{ ....}
add_header X-CSRF-Token $HTTP_X_CSRF_TOKEN;
add_header X-XSRF-TOKEN $HTTP_X_CSRF_TOKEN;
upload_set_form_field "_token" $HTTP_X_CSRF_TOKEN;
client_max_body_size 4096m;
upload_pass /internal_upload;
upload_pass_args on;
upload_store /storage/uploaded 1;
upload_store_access user:r group:r all:r;
upload_set_form_field $upload_field_name.name "$upload_file_name";
upload_set_form_field $upload_field_name.path "$upload_tmp_path";
upload_cleanup 400 404 499 500-505;
}
location /internal_upload {
proxy_pass http://upload.domain.com/fileupload/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
When making the XHR2 request, I pass the token via headers:
xhr.setRequestHeader("X-CSRF-Token", globalObj._token);
xhr.setRequestHeader("X-XSRF-TOKEN", globalObj._token);
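Finally, when nginx passes the data to the backend application on the subdomain, the problem is that a token mismatch exception is thrown.
I also noticed that domain.com sets a cookie named X-XSRF-TOKEN with domain.com as its domain, and upload.domain.com sets another X-XSRF-TOKEN cookie with upload.domain.com as its domain. This is normal, since both applications set X-XSRF-TOKEN and the values are not equal. I think this might be the problem, or maybe nginx is stripping some data before passing it to the backend?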
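The cookie observation at the end of the question, worked through as an added example that is not part of the original post: it applies the RFC 6265 domain-match and ordering rules to show which X-XSRF-TOKEN cookies a browser attaches to a request for each host. The cookie values, creation times, the `hostOnly` flags and the function names are assumptions made for illustration, and both cookies are assumed to use path `/`.

```javascript
// Added example: RFC 6265 cookie selection for the two hosts in the question.
// Values, creation times and hostOnly flags below are constructed.

// RFC 6265 section 5.1.3: a host matches when it equals the cookie domain,
// or (for non-host-only cookies) when it ends with "." + cookie domain.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.replace(/^\./, "").toLowerCase();
  if (h === d) return true;
  if (cookie.hostOnly) return false;
  return h.endsWith("." + d);
}

// RFC 6265 section 5.4: longer paths first, then earlier creation time.
function cookiesFor(host, jar) {
  return jar
    .filter((c) => domainMatches(host, c))
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created);
}

// The Cookie request header the browser would build for this host.
function cookieHeader(host, jar) {
  return cookiesFor(host, jar).map((c) => `${c.name}=${c.value}`).join("; ");
}

// Cookie names that reach the host more than once with different values.
function conflictingNames(host, jar) {
  const seen = new Map();
  for (const c of cookiesFor(host, jar)) {
    if (!seen.has(c.name)) seen.set(c.name, new Set());
    seen.get(c.name).add(c.value);
  }
  return [...seen].filter(([, v]) => v.size > 1).map(([name]) => name);
}

// Constructed cookie jar mirroring the two cookies described in the question.
const jar = [
  { name: "X-XSRF-TOKEN", value: "token-from-main", domain: "domain.com",
    hostOnly: false, path: "/", created: 1 },
  { name: "X-XSRF-TOKEN", value: "token-from-upload", domain: "upload.domain.com",
    hostOnly: true, path: "/", created: 2 },
];

console.log("domain.com        ->", cookieHeader("domain.com", jar));
console.log("upload.domain.com ->", cookieHeader("upload.domain.com", jar));
console.log("conflicts on upload.domain.com:", conflictingNames("upload.domain.com", jar));
```

Under these assumptions a request to upload.domain.com carries both cookies under the same name, so the backend receives two different token values and which one it reads depends on how it parses duplicate cookie names.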