Comments (4)
Hi @cagcak
Yes - I've added the 'your session expired' for TokenMismatchException.
It should throw the error on local environment, think also when you have multiple form pages open.
I still want to add it so that when it fails - it generates a new one so the user does not have to refresh and can just submit again with new token. Everything in due time :)
But please let me know if it happens 'randomly' for you. I did some big-ish updates a few weeks ago and did not have much time to do any upgrades lately - might've broken a few things.
Thanks for looking so deep into it - always helps to get more eyes and opinions on it. :)
Hope this helps...
from laravel-admin-starter.
@cagcak
Forgot to mention - In the Admin / Resource Controllers - On the index method I save the url to the session and then on store/edit I redirect to that url saved in session. This can be an issue if you have multiple pages open - it will redirect to the recently opened url.
It might be an issue if you want to open multiple pages - due to it only being in the admin I figured it's okay - does make 'changing' url easier (don't have to update the redirect url)
But yeah - probably personal preference..., unless you can see a major flaw in it?
from laravel-admin-starter.
Hello again @bpocallaghan .
That makes perfect sense. I don't leave multiple pages open while artisan serving generally.
CSRF token in middleware is needed for protection. But I think it must be activated only in production. That is my opinion, so I might be wrong :) . You know the best.
Anyway I have changed the APP_ENV to production to use the same token in my localhost. But you might consider modifying App\Http\Middleware\VerifyCsrfToken for local and development modes as follows:
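    public function handle($request, \Closure $next)
    {
        // Skip CSRF verification entirely when APP_ENV is local or dev.
        if (in_array(env('APP_ENV'), ['local', 'dev'])) {
            return $next($request);
        }

        // In every other environment, run the framework's normal token check.
        return parent::handle($request, $next);
    }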
I'm not good enough to contribute at backend development but if I encounter an issue in the frontend I'll try to fix it.
Best regards
from laravel-admin-starter.
Hi @cagcak
I do agree with you - makes total sense.
Just to add - only personal preference really.
On the one side - you disable CSRF on local - which is 100%.
Just a note - might be nice to see the CSRF on a form / ajax that you 'forgot' to add the CSRF field, but again - why would this happen if you've set up ajax correctly + forms - just thought I'd share.
Luckily - like most cases in Laravel, only takes a few lines to make it work for you :)
Thanks - Happy coding...
from laravel-admin-starter.
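The last comment's point, that leaving CSRF verification on locally exposes forms where the token field was forgotten, can also be checked statically. This is an added example, not code from laravel-admin-starter or from anyone in the thread: a heuristic scan of Blade template text for non-GET forms without a token, where the function name, sample routes and sample template are constructed for illustration.

```python
import re

# Blade templates are text, so this regex scan is a heuristic, not a parser.
# The attrs group tolerates PHP's "->" inside {{ ... }} attribute values.
FORM_RE = re.compile(
    r"<form\b(?P<attrs>(?:->|[^>])*)>(?P<body>.*?)</form>", re.I | re.S
)
METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*([^"'\s>]*)""", re.I)
# Token markers Laravel provides: @csrf, csrf_field(), or a hidden _token input.
TOKEN_RE = re.compile(r"""@csrf\b|csrf_field\s*\(|name\s*=\s*["']_token["']""", re.I)


def forms_missing_csrf(template: str) -> list[int]:
    """Return 1-based line numbers of non-GET forms that carry no CSRF token."""
    missing = []
    for m in FORM_RE.finditer(template):
        method = METHOD_RE.search(m.group("attrs"))
        # HTML forms default to GET, which VerifyCsrfToken does not check.
        # A dynamic value such as {{ $method }} is treated as state-changing.
        verb = method.group(1).upper() if method else "GET"
        if verb == "GET":
            continue
        if not TOKEN_RE.search(m.group("body")):
            missing.append(template.count("\n", 0, m.start()) + 1)
    return missing


# Constructed sample: four forms, only the third lacks a token.
SAMPLE = """\
<form method="POST" action="{{ route('faq.store') }}">
    @csrf
    <input name="question">
</form>
<form action="/search">
    <input name="q">
</form>
<form method="post" action="{{ url('admin/faq/' . $item->id) }}">
    <input type="hidden" name="_method" value="DELETE">
</form>
<form method="POST" action="/contact">
    {!! csrf_field() !!}
</form>
"""

if __name__ == "__main__":
    for line in forms_missing_csrf(SAMPLE):
        print(f"line {line}: non-GET form without a CSRF token")
```

AJAX requests that send the token in a header are outside what this scan sees; it only covers HTML forms in template text.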