AJAX POST请求调用使用Laravel控制器并排除CSRF保护，但返回错误500

Question

我使用AJAX创建了我的POST请求，然后在/ajax/order-ratings/list web.php中检查了请求URL，并将其包含在VerifyCsrfToken.php.中。在控制器部分，我雄辩的语法似乎是正确的，但是当我检查Google DevTools时，它返回了错误500，所以json响应是响应{type："basic"，url："https://quickenow.com/ajax/order-ratings/list"，重定向: false，状态: 500，ok: false，…。我的目标是像order id一样从请求中获取数据，在这个ajax请求中我哪里出错了？

order.blade.php

var loadRating = (orderId) => {
            console.log(orderId);
            let headers = {};
            headers['X-Requested-With'] = "XMLHttpRequest";

            var data = new FormData();
            data.append('orderId', orderId);
            return new Promise((resolve, reject) => { 
                fetch("{{ secure_url('/ajax/order-ratings/list') }}", {
                    headers: headers,
                    method: "POST",
                    body: data,
                    credentials: "same-origin"
                }).then((res) => {
                    if(res.status !== 200)
                        console.log('error fetching data');
                        //return M.toast({ html: 'list order ratings failed'}); 

                    return res.json();
                }).then((data) => {
                    if(data.models.length == 0){
                         resolve('');
                    }
                    data.models.forEach((model) => {
                        resolve(model.editor_rating);
                    });
                });
            });
        };

WebAjaxPostOrderRatingsController.php (控制器)

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class WebAjaxPostOrderRatingsController extends Controller
{
public function handle(Request $request)
{
    $order = $request->input('orderId');
    $models = \App\Models\Rating::where("order_id" ,"=", $order)->get();
    if($model === null){
        return response()->json(['models' => $models, 'errors' => []]);
    }
    return response()->json(['models' => $models, 'errors' => []]);
}

}

Rating.php (模型)

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class Rating extends Model
{
    //
    protected $table = 'ratings';


    public function save(Array $options=[])
    {
        $errors = [];

        if(strlen($this->rating) === 0)
            $errors['rating'] = 'invalid rating';

        if(count($errors) !== 0)
            return $errors;

        parent::save($options);
        return [];
    }
}

VerifyCsrfToken.php (CSRF保护)

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
protected $addHttpCookie = true;

protected $except = [
    //
    '/ajax/orders/list',
    '/ajax/orders/edit',
    '/ajax/orders/view',
    '/ajax/orders/reject', 
    '/ajax/orders/submit', 

    '/ajax/packs/list',
    '/ajax/packs/edit',
    '/ajax/packs/save', 
    '/ajax/packs/delete', 
    '/ajax/packs/delete-many', 

    '/ajax/users/list',
    '/ajax/users/edit',
    '/ajax/users/save', 
    '/ajax/users/delete', 
    '/ajax/users/delete-many', 

    '/ajax/biz-settings/list',
    '/ajax/biz-settings/edit',
    '/ajax/biz-settings/save', 
    '/ajax/biz-settings/delete', 
    '/ajax/biz-settings/delete-many', //added 

    '/ajax/customers/list',
    '/ajax/customers/delete', 
    '/ajax/customers/delete-many',  //added

    '/ajax/app-infos/list',
    '/ajax/app-infos/edit',
    '/ajax/app-infos/save', 
    '/ajax/app-infos/delete', 
    '/ajax/app-infos/delete-many',  //added

    '/ajax/faqs/list',
    '/ajax/faqs/edit',
    '/ajax/faqs/save', 
    '/ajax/faqs/delete', 
    '/ajax/faqs/delete-many',  //added

    '/ajax/user-guide/list',
    '/ajax/user-guide/edit',
    '/ajax/user-guide/save', 
    '/ajax/user-guide/delete', 
    '/ajax/user-guide/delete-many',  //added

    '/ajax/user-ratings/list',  //added

    '/ajax/order-ratings/list',  //added
];

}

web.php (路线)

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

// prevents unauthorized access
$c = [ \App\Http\Middleware\WebAuthMiddleware::class ];

Route::get('/', function () {
    die('please go to https://quickenow.com/login');
    return view('welcome');
});

Route::get(  '/try-push',  'WebGetTryPushController@handle');
Route::get(  '/push-it',  'WebGetTryPushController@handle');

Route::get(  '/privacy-policy',        'WebGetPrivacyPolicyController@handle');
Route::get(  '/terms-and-conditions',  'WebGetTermsAndConditionsController@handle');

Route::post( '/ajax/user-guide/list',   'WebAjaxPostUserGuideListController@handle')->middleware($c);
Route::post( '/ajax/user-guide/edit',   'WebAjaxPostUserGuideEditController@handle')->middleware($c);
Route::post( '/ajax/user-guide/save',   'WebAjaxPostUserGuideSaveController@handle')->middleware($c);
Route::post( '/ajax/user-guide/delete', 'WebAjaxPostUserGuideDeleteController@handle')->middleware($c);
Route::post( '/ajax/user-guide/delete-many', 'WebAjaxPostUserGuideDeleteManyController@handle')->middleware($c); //added

Route::post( '/ajax/user-guide/upload',   'WebAjaxPostUserGuideImageController@handle')->middleware($c);

Route::post( '/ajax/user-ratings/list', 'WebAjaxPostUserRatingsController@handle')->middleware($c); //added

Route::post( '/ajax/order-ratings/list', 'WebAjaxPostOrderRatingsController@handle')->middleware($c); //added

Answer 1

好的，在我发现这个变量$model之前有多少天不存在，所以返回了一个500个错误。我刚删除了这一行：if($model === null){ return response()->json(['models' => $models, 'errors' => []]); }

它运行得很顺利，所以谢谢你的建议。现在，我继续创建显示单个订单数据的请求。=)