我正在尝试使用csrf(express)但发布后我有下一个回复:
ServerJS:
var ..,..,..,..,..,
store = new express.session.MemoryStore;
app.configure(function(){
app.use(express.errorHandler());
app.set('view engine', 'mustache');
app.disable('x-powered-by');
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({ store:store, secret: 'secret',key: 'uid', cookie: { httpOnly: true, secure: true, maxAge:3600000, expires:new Date(Date.now() + 3600000) }}));
app.use(express.csrf());
app.use(function (req, res, next) {
res.cookie('TOKEN', req.csrfToken());
res.locals.csrftoken = req.csrfToken();
next();
});
app.use(express.compress());
app.use('/assets', express.static(__dirname + "/public/assets/", { maxAge: oneDay }));
});
app.get('/', function (req, res){
data = {"response":req.session._csrfSecret};
page = fs.readFileSync(vistas+'test.html', "utf8");
html = mustache.to_html(page, data);
res.send(html);
});
app.post('/', csrf, function (req, res){
console.log(req.body);
});
渲染HTML
<html>
<head></head>
<body>
<form method="post" action="/">
<input type="text" name="test" value="">
<input type="hidden" name="_csrf" value="WI3wl29SPa7qOz39eqlHyRCO">
<input type="submit" value="ok">
</form>
</body>
</html>
发布后的回复:
错误:在createToken处禁止Object.exports.error(/node_modules/express/node_modules/connect/lib/utils.js:63:13)(node_modules / express / node_modules / connect / lib / middleware / csrf.js :82:55)在Object.handle(node_modules / express / node_modules / connect / lib / middleware / csrf.js:48:24)下一步(node_modules / express / node_modules / connect / lib / proto.js:193:15) )在node_modules / express / node_modules / connect / lib / middleware / session.js:339:9的node_modules / express / node_modules上的next(node_modules / express / node_modules / connect / lib / middleware / session.js:315:9) /connect/lib/middleware/session/memory.js:50:9 at process._tickCallback(node.js:415:13)
可以帮帮我吗?