NodeJS Express CSRF错误

时间:2014-10-08 18:20:14

标签: node.js angularjs express csrf

我从节点服务器收到以下堆栈跟踪错误。我的应用程序在Angular上运行,并使用Node与API进行交互。

Error: Forbidden
at Object.exports.error (/home/bitnami/myapp/node_modules/express/node_modules/connect/lib/utils.js:63:13)
at createToken (/home/bitnami/myapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55)
at /home/bitnami/myapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:7
at Object.<anonymous> (/home/bitnami/myapp/node_modules/express/node_modules/connect/node_modules/uid2/index.js:46:8)
at Object.ondone (/home/bitnami/myapp/node_modules/newrelic/node_modules/continuation-local-storage/node_modules/async-listener/glue.js:188:31)

以下是我的Express应用程序的配置方式:

app = express()
app.configure ->
  app.use express.static(__dirname + "/_public")
  app.use (req, res) ->
    res.sendfile __dirname + assetUrl + "/index.html"
  app.use express.logger("dev")
  app.use express.bodyParser()
  app.use express.cookieParser("shhhh, very secret")
  app.use express.cookieSession()
  app.use express.csrf(value: csrfValue)
  app.use (req, res, next) ->
    res.cookie('XSRF-TOKEN', req.csrfToken())
    res.locals.csrftoken = req.csrfToken()
    next()
  app.use app.router

这是客户端代码:

HTML:

<form name="loginForm" novalidate ng-submit="submitForm(loginForm)">
  <label for="username">Email</label>
  <input id="username" type="email" name="username" ng-model="user.username" required placeholder="Enter your email address">

  <label for="password">Password</label>
  <input id="password" type="password" name="password" ng-model="user.password" required placeholder="Enter your password" ng-minlenth="7">

  <button type="submit" ng-disabled="loginForm.$invalid">Sign in</button>
</form>

Javascript(Angular):

login = (info) ->
    deferred = $q.defer()
    $http(
      method: 'POST'
      url: '/auth/login'
      data: info
    ).then ((resp) ->
      userInfo = resp.data.data
      $window.sessionStorage["userInfo"] = JSON.stringify(userInfo)
      deferred.resolve userInfo
    ), (error) ->
      $window.sessionStorage["userInfo"] = null
      deferred.reject error
      return

我认为这是Node和API之间通信失败的罪魁祸首。只有在AFTER注销时尝试再次登录时才会出现此问题。这与Angular如何加载页面有关吗?如果我刷新页面,则问题不会发生。

0 个答案:

没有答案