Node / Express.js csrf with passport.js

Time: 2015-01-06 06:52:51

Tags: javascript node.js express csrf passport.js

I am using Node with express.js and passport.js as my authentication framework.

I set up the CSRF protection built into express.js using the code below.

app.use(express.csrf());
app.use(function (req, res, next) {
  res.locals.token = req.csrfToken();
  next();
});

My route:

app.post('/passportlogin', passport.authenticate('local-login', {....}), function(req, res){...});

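My login form has a hidden field named '_csrf', and I confirmed that the token is initialized. When I submit the form (POST) to the passport authentication, Express returns a 403 Unauthorized error, as shown below.

Any idea how to set up csrf with express & passport?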

Express
403 Error: Forbidden
at Object.exports.error (node_modules\express\node_modules\connect\lib\utils.js:63:13)
at createToken (node_modules\express\node_modules\connect\lib\middleware\csrf.js:82:55)
at Object.handle (node_modules\express\node_modules\connect\lib\middleware\csrf.js:48:24)
at next (node_modules\express\node_modules\connect\lib\proto.js:193:15)
at Object.handle (node_modules\connect-flash\lib\flash.js:21:5)
at next (node_modules\express\node_modules\connect\lib\proto.js:193:15)
at SessionStrategy.strategy.pass (node_modules\passport\lib\middleware\authenticate.js:314:9)
at SessionStrategy.authenticate (node_modules\passport\lib\strategies\session.js:67:10)
at attempt (node_modules\passport\lib\middleware\authenticate.js:337:16)
at Object.authenticate [as handle] (node_modules\passport\lib\middleware\authenticate.js:338:7)

0 answers:

No answers
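
Added example, not part of the original question and not the code of express.csrf() or connect: a dependency-free illustration of the session-bound token check that a hidden `_csrf` field relies on, showing which POSTs pass and which are rejected with 403. The names `csrfCheck`, `tokensMatch`, `run` and `demo` and the constructed request objects are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Constant-time comparison so the check does not leak how many characters matched.
function tokensMatch(sent, expected) {
  if (typeof sent !== 'string' || typeof expected !== 'string') return false;
  const a = Buffer.from(sent), b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Hypothetical connect-style middleware (not express.csrf() itself): the token
// lives in the session, and every state-changing request must echo it in _csrf.
function csrfCheck(req, res, next) {
  if (!req.session.csrfToken) {
    req.session.csrfToken = crypto.randomBytes(24).toString('base64');
  }
  req.csrfToken = () => req.session.csrfToken;
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return next();
  const sent = req.body && req.body._csrf;
  if (!tokensMatch(sent, req.session.csrfToken)) {
    res.statusCode = 403;
    return res.end('Forbidden');
  }
  next();
}

// Runs a middleware chain against a constructed request; returns the status code.
function run(chain, req) {
  const res = { statusCode: 200, end(body) { this.body = body; } };
  let i = 0;
  const next = () => { const mw = chain[i++]; if (mw) mw(req, res, next); };
  next();
  return res.statusCode;
}

function demo() {
  const login = (req, res) => res.end('logged in'); // stands in for the login handler
  const session = {};                               // constructed session object
  const form = { method: 'GET', headers: {}, session };
  run([csrfCheck], form);                           // rendering the form issues the token
  const token = form.csrfToken();
  const post = (over) => run([csrfCheck, login],
    Object.assign({ method: 'POST', headers: {}, session, body: { _csrf: token } }, over));
  return {
    sameSessionWithToken: post({}),                        // 200
    bodyNotParsed: post({ body: undefined }),              // 403: _csrf never reaches the check
    differentSession: post({ session: {} }),               // 403: token bound to another session
    tamperedToken: post({ body: { _csrf: token + 'x' } }), // 403
  };
}

console.log(demo());
```

The check only passes when the session that issued the token, the parsed request body and the submitted `_csrf` value all line up in the same request.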