问题
I am new to nginx, i manage to run multiple Nodejs projects on single server with different ports. I used my domain to call my Nodejs apis. when I try to call my api from android error is throwing.
if I replace domain with IP address all api cals are working fine.
with domain name api call it shows
Forbidden (403) CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.
More information is available with DEBUG=True.
With postma some times the call succeeding. I think postman send some default headers with my POST request. but in android I don't pass any headers to my POST request so in android always I am getting this CSRF error.
I searched a lot for this and I dint find a working solution for this, somebody please HELP.
this is my nginx configuration.
server {
server_name xxxxx.com www.xxxx.com
location / {
proxy_pass http://localhost:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /lyric/ {
proxy_pass http://localhost:4000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /cpd/ {
proxy_pass http://localhost:5000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /fpd/ {
proxy_pass http://localhost:6000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
POST REQUEST:
http://xxxxxx.com/lottery-api/get-today-lotteries
I don't pass any header with my api calls.
ps: I tried ccsurf middleware in nodejs. but no luck! it always shows csurf failure!
UPDATE
I just tried pure http call with Nodejs. it works.
var post_data = JSON.stringify({})
var options = {
host: 'www.xxxxxx.com,
port: 80,
path: '/lottery-api/get-today-lotteries',
method: 'POST',
headers: {
"content-type": "application/json"
}
};
var req = http.request(options, function (res) {
console.log('STATUS: ' + res.statusCode);
console.log('HEADERS: ' + JSON.stringify(res.headers));
res.setEncoding('utf8');
res.on('data', function (chunk) {
console.log('BODY: ' + chunk);
});
});
req.on('error', function (e) {
console.log('problem with request: ' + e.message);
});
req.write(post_data);
req.end();
来源:https://stackoverflow.com/questions/59332542/nodejs-with-nginx-csrf-verification-failed-request-aborted