我使用带有express.js和passport.js的节点作为我的身份验证框架。
我使用下面的代码设置了在express.js中内置的csrf保护。
app.use(express.csrf());
app.use(function (req, res, next) {
res.locals.token = req.csrfToken();
next();
});
我的路线:
app.post('/passportlogin', passport.authenticate('local-login', {....}), function(req, res){...});
我的登录表单中有一个隐藏字段,其名称为''_ csrf',我确认标记已初始化。当我将表格(POST)提交给护照认证时,快递会返回403未经授权的错误,如下所示。
知道如何使用express& amp;来设置csrf护照?
Express
403 Error: Forbidden
at Object.exports.error (node_modules\express\node_modules\connect\lib\utils.js:63:13)
at createToken (node_modules\express\node_modules\connect\lib\middleware\csrf.js:82:55)
at Object.handle (node_modules\express\node_modules\connect\lib\middleware\csrf.js:48:24)
at next (node_modules\express\node_modules\connect\lib\proto.js:193:15)
at Object.handle (node_modules\connect-flash\lib\flash.js:21:5)
at next (node_modules\express\node_modules\connect\lib\proto.js:193:15)
at SessionStrategy.strategy.pass (node_modules\passport\lib\middleware\authenticate.js:314:9)
at SessionStrategy.authenticate (node_modules\passport\lib\strategies\session.js:67:10)
at attempt (node_modules\passport\lib\middleware\authenticate.js:337:16)
at Object.authenticate [as handle] (node_modules\passport\lib\middleware\authenticate.js:338:7)