无法使用 csurf (Node.js) 验证我的 csrf-token
Cannot validate my csrf-token using csurf (Node.js)
我无法在此基本测试应用程序中使用 csurf,无论我做什么,我总是在发送表单后收到 "ForbiddenError: invalid csrf token"。
我做错了什么?我正在尝试按照 in the documentation for csurf 给出的示例进行操作(尽管我也在使用 TLS - 这会影响结果吗?)。
'use strict'
var https = require('https');
var express = require('express');
var cookieParser = require('cookie-parser')
var csrf = require('csurf')
var bodyParser = require('body-parser')
var fs = require('fs');
var oauth = require('./oauth.js');
var argv = require('minimist')(process.argv.slice(2), {
alias: {p: 'port'},
default: {port: 80},
});
// setup route middlewares
var csrfProtection = csrf({ cookie: true })
var parseForm = bodyParser.urlencoded({ extended: false })
var app = express();
app.use(cookieParser());
// Init SSL
var sslPath = '/etc/letsencrypt/live/censored/';
var options = {
key: fs.readFileSync(sslPath + 'privkey.pem'),
cert: fs.readFileSync(sslPath + 'fullchain.pem')
};
app.get('/some-form', csrfProtection, function(req, res){
res.send('<form action="/process" method="POST">' +
'<input type="hidden" name="_csrf" value="' + req.csrfToken() + '">' +
'Favorite color: <input type="text" name="favoriteColor">' +
'<button type="submit">Submit</button>' +
'</form>');
});
app.post('/process', csrfProtection, function(req, res){
res.send('<p>Your favorite color is "' + req.body.favoriteColor + '".');
});
app.get("/", function(req, res) {
res.send('Hello World!');
});
app.listen(argv.port, function() {
console.log('listening on port ' + argv.port);
});
https.createServer(options, app).listen(443);
我忘记使用 parseForm,一旦我这样做了一切正常!
我无法在此基本测试应用程序中使用 csurf,无论我做什么,我总是在发送表单后收到 "ForbiddenError: invalid csrf token"。
我做错了什么?我正在尝试按照 in the documentation for csurf 给出的示例进行操作(尽管我也在使用 TLS - 这会影响结果吗?)。
'use strict'
var https = require('https');
var express = require('express');
var cookieParser = require('cookie-parser')
var csrf = require('csurf')
var bodyParser = require('body-parser')
var fs = require('fs');
var oauth = require('./oauth.js');
var argv = require('minimist')(process.argv.slice(2), {
alias: {p: 'port'},
default: {port: 80},
});
// setup route middlewares
var csrfProtection = csrf({ cookie: true })
var parseForm = bodyParser.urlencoded({ extended: false })
var app = express();
app.use(cookieParser());
// Init SSL
var sslPath = '/etc/letsencrypt/live/censored/';
var options = {
key: fs.readFileSync(sslPath + 'privkey.pem'),
cert: fs.readFileSync(sslPath + 'fullchain.pem')
};
app.get('/some-form', csrfProtection, function(req, res){
res.send('<form action="/process" method="POST">' +
'<input type="hidden" name="_csrf" value="' + req.csrfToken() + '">' +
'Favorite color: <input type="text" name="favoriteColor">' +
'<button type="submit">Submit</button>' +
'</form>');
});
app.post('/process', csrfProtection, function(req, res){
res.send('<p>Your favorite color is "' + req.body.favoriteColor + '".');
});
app.get("/", function(req, res) {
res.send('Hello World!');
});
app.listen(argv.port, function() {
console.log('listening on port ' + argv.port);
});
https.createServer(options, app).listen(443);
我忘记使用 parseForm,一旦我这样做了一切正常!