I'm having issues with CSRF tokens. When I submit a form, a new XSRF-TOKEN is being generated but I think I'm generating two different tokens, I'm kinda conf
Based on the amount of code you shared, I will mention a few things that don't look quite right to me:
1. You may need to swap the lines below so that csrf runs before the routes.

    app.use(csrf());
    app.use(app.router);

2. The csrftoken setup needs to also be placed before the routes.

    app.use(csrf());
    app.use(function (req, res, next) {
      res.cookie('XSRF-TOKEN', req.csrfToken());
      res.locals.csrftoken = req.csrfToken();
      next();
    });
    app.use(app.router);

3. You'll need to use locals.csrftoken in your form:
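
Added example, not part of the answer above and not Express or Connect code: a dependency-free model of the middleware chain showing why `csrf()` and the token-exposing middleware have to be registered before the router. `handle`, `expose`, `router`, `makeToken`, `verify`, the `_csrf` body field and the HMAC token scheme are assumptions of this model.

```javascript
// Simplified model of a Connect/Express 3 style stack; not the real libraries.
const crypto = require('crypto');
// Token = salt + HMAC(secret, salt). Constructed scheme for this model only.
function makeToken(secret, salt = crypto.randomBytes(8).toString('hex')) {
  return salt + '-' + crypto.createHmac('sha256', secret).update(salt).digest('hex');
}
function verify(secret, token) {
  if (typeof token !== 'string' || !token.includes('-')) return false;
  const a = Buffer.from(makeToken(secret, token.split('-')[0]));
  const b = Buffer.from(token);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Stand-in for csrf(): per-session secret, token cached per request.
function csrf() {
  return (req, res, next) => {
    const s = req.session;
    s.secret = s.secret || crypto.randomBytes(18).toString('hex');
    let token;
    req.csrfToken = () => token || (token = makeToken(s.secret));
    if (req.method === 'POST' && !verify(s.secret, req.body._csrf)) {
      res.status = 403; return; // rejected before any route runs
    }
    next();
  };
}

// The token-exposing middleware from the answer.
function expose(req, res, next) {
  res.cookies['XSRF-TOKEN'] = req.csrfToken();
  res.locals.csrftoken = req.csrfToken();
  next();
}

// Stand-in for app.router: renders the form or accepts the POST, then ends the chain.
function router(req, res) {
  res.status = 200;
  res.body = '<input type="hidden" name="_csrf" value="' + res.locals.csrftoken + '">';
}

// Run middleware in registration order, as app.use() would.
function handle(stack, method, session, body = {}) {
  const req = { method, session, body };
  const res = { status: 0, cookies: {}, locals: {}, body: '' };
  let i = 0;
  const next = () => { const fn = stack[i++]; if (fn) fn(req, res, next); };
  next();
  return res;
}
```

With the stack `[router, csrf(), expose]` the model renders the form with `value="undefined"` and sets no cookie, because the router ends the chain before any token exists; with `[csrf(), expose, router]` the cookie and the form field carry the same token within one request.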