问题
I am trying to enable the csrf module of Express 4 in an existing application.
I have added the following code:
var csrf = require('csurf')
...
app.use(csrf());
I have started my application and I get:
Error: misconfigured csrf
and a stack trace. Nothing else.
I have checked the documentation, but it is unclear. Can someone help? What is the minimum configuration required to use this module?
回答1:
I have found the solution. The call to app.use(csrf()) must be set after app.use(cookieParser()) AND app.use(session({...}).
回答2:
If you're using Redis as a session store and the server isn't running, you will also get a misconfigured error.
https://github.com/expressjs/csurf/issues/73
来源:https://stackoverflow.com/questions/23997572/error-misconfigured-csrf-express-js-4