I get a ForbiddenError: invalid csrf token error when my Node.js application is deployed to Firebase. There is no error when the application is deployed to Heroku or run on localhost. The error occurs when data is submitted from the frontend.
This is my error log:
    at csrf (/workspace/node_modules/csurf/index.js:112:19)
    at Layer.handle [as handle_request] (/workspace/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/workspace/node_modules/express/lib/router/index.js:317:13)
My app.js file:
const cookieParser = require("cookie-parser");
const csrf = require("csurf");
const bodyParser = require("body-parser");
const express = require("express");
const admin = require("firebase-admin");
const path = require('path');
const functions = require('firebase-functions');

admin.initializeApp(functions.config().firebase);

// csurf in cookie mode: the CSRF secret is kept in a cookie instead of a session
const csrfMiddleware = csrf({ cookie: true });
const PORT = process.env.PORT || 5000;
const app = express();

app.engine("html", require("ejs").renderFile);
// app.use(express.static("static"));
app.use(express.static(path.join(__dirname, 'views')));

app.use(bodyParser.json());
app.use(cookieParser());
app.use(csrfMiddleware);

// Send a fresh CSRF token to the client in the XSRF-TOKEN cookie on every request
app.all("*", (req, res, next) => {
    res.cookie("XSRF-TOKEN", req.csrfToken());
    next();
});

// Render the logged-in page only if the session cookie verifies
app.get("/login", function (req, res) {
    const sessionCookie = req.cookies.session || "";

    admin
        .auth()
        .verifySessionCookie(sessionCookie, true /** checkRevoked */)
        .then(() => {
            res.render("login.html");
        })
        .catch((error) => {
            res.render("index.html");
        });
});

app.get("/", function (req, res) {
    res.render("index.html");
});

// Exchange the Firebase ID token for a session cookie
app.post("/sessionLogin", (req, res) => {
    const idToken = req.body.idToken.toString();

    const expiresIn = 3600000; // 1 hour in milliseconds

    admin
        .auth()
        .createSessionCookie(idToken, { expiresIn })
        .then(
            (sessionCookie) => {
                const options = { maxAge: expiresIn, httpOnly: true, secure: true };
                res.cookie("session", sessionCookie, options);
                res.end(JSON.stringify({ status: "success" }));
            },
            (error) => {
                res.status(401).send("UNAUTHORIZED REQUEST!");
            }
        );
});

app.get("/sessionLogout", (req, res) => {
    res.clearCookie("session");
    res.redirect("/");
});

// Expose the Express app as an HTTPS Cloud Function
exports.app = functions.https.onRequest(app);