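I'm building a NodeJS Express application that, in one situation, receives a request from a user, forwards the request to a third-party website, and, once the third party's response arrives, forwards it back to the user. Nothing too complicated.
I've run into a problem with the HTTP module axios. It seems to have some kind of XSRF protection built in, which causes my application to throw an error, even though the request data from the user has been validated before anything else is done with it. Here is a simplified version of my code: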

    const
      express = require('express'),
      router = express.Router(),
      { join } = require('path'),
      axios = require('axios')

    router.get('/:logId', (req, res, next) => {
      const { logId } = req.params
      // validate logId, 1 or more digit number
      const pathRegex = /^\/?\d+$/g
      if (!pathRegex.test(logId)) res.status(400).end()
      else {
        const urlStr1 = join('http://example.com/', logId)
        // another string for comparison
        const urlStr2 = 'http://example.com/123'
        // this successfully logs out the expected result to console
        axios.get(urlStr2)
          .then(console.log)
          .catch(console.warn)
        // this throws an error
        axios.get(urlStr1)
          .then(console.log)
          .catch(console.warn)
      }
    })

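As noted in the code comments, if I send the request using a string I created on the server, everything works, but if I use the string derived from the user's request data (a 1-digit number), the following error is thrown: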

    Error: connect ECONNREFUSED 127.0.0.1:80
        at Object.exports._errnoException (util.js:1012:11)
        at exports._exceptionWithHostPort (util.js:1035:20)
        at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1080:14)
      code: 'ECONNREFUSED',
      errno: 'ECONNREFUSED',
      syscall: 'connect',
      address: '127.0.0.1',
      port: 80,
      config:
       { adapter: [Function: httpAdapter],
         transformRequest: { '0': [Function: transformRequest] },
         transformResponse: { '0': [Function: transformResponse] },
         timeout: 0,
         xsrfCookieName: 'XSRF-TOKEN',
         xsrfHeaderName: 'X-XSRF-TOKEN',
         maxContentLength: -1,
         validateStatus: [Function: validateStatus],
         headers:
          { Accept: 'application/json, text/plain, */*',
            'User-Agent': 'axios/0.15.3' },
         method: 'get',
         url: 'http:/example.com/44',
         data: undefined },
      response: undefined }

It looks like XSRF protection built into axios. Apart from using a different HTTP request package, any ideas on how to get around it?
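
An added example, not part of the original post: the `url` in the error dump is `http:/example.com/44`, with a single slash after the scheme, because `path.join` normalises its result as a filesystem path and collapses `//`. The sketch below reproduces that string and builds the forwarding URL with the WHATWG `URL` parser instead, pinned to the fixed upstream origin. `showJoinResult` and `buildUpstreamUrl` are hypothetical names, and `path.posix` is used so the result is the same on every platform.

```javascript
// Added example, not the poster's code. UPSTREAM comes from the question;
// showJoinResult and buildUpstreamUrl are hypothetical helper names.
const path = require('path');

const UPSTREAM = 'http://example.com/';

// What the question's code builds: path.join() treats its arguments as
// filesystem path segments and normalises the result, so the "//" after
// the scheme collapses to a single "/".
function showJoinResult(logId) {
  return path.posix.join(UPSTREAM, logId);
}

// Build the outbound URL from a validated segment and a fixed base.
function buildUpstreamUrl(logId) {
  // No "g" flag: a global regex carries lastIndex state between test() calls.
  if (typeof logId !== 'string' || !/^\d+$/.test(logId)) {
    throw new RangeError('logId must be one or more digits');
  }
  const base = new URL(UPSTREAM);
  // Resolve the segment against the base with a real URL parser.
  const target = new URL(encodeURIComponent(logId), base);
  // Defence in depth for a forwarding endpoint: user input must never
  // move the request away from the fixed upstream origin.
  if (target.origin !== base.origin) {
    throw new Error('refusing to forward outside ' + base.origin);
  }
  return target.href;
}
```

In the route handler, the string returned by `buildUpstreamUrl(req.params.logId)` is what would be passed to `axios.get`, with a `400` response when it throws.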