我正在尝试访问登录页面时收到Error: misconfigured csrf
。我正在将csurf实现到路由器,但我只是得到响应状态码500。
实现:
let router = require("express").Router();
let PostLoginResource = require("./../resources/PostLoginResource");
let RateLimit = require("express-rate-limit");
let csrf = require("csurf");
let csrfProtection = csrf({ cookie: true });
router.route("/login")
.get(csrfProtection, function(req, res) {
// Do some stuff
})
.post(loginLimiter, function(req, res) {
PostLoginResource(req, function(success, err) {
// Do some stuff
})
});
我在app.js中使用此模块之前启动了session-cookie:
// Parse the request body as JSON
app.use(bodyParser.json());
// Parse the URL encoded data
app.use(bodyParser.urlencoded({extended: true}));
// Set up session-cookie
app.use(session({
secret: "secret",
resave: false,
saveUninitialized: true,
cookie: {secure: true,
httpOnly: true,
maxAge: 1000 * 60 * 60 * 24
}
}));
但是,这不起作用。谁知道问题是什么?
答案 0 :(得分:0)
var cookieParser = require('cookie-parser')
解析cookie 我们需要这个因为" cookie"在csrfProtection中是正确的
app.use(cookieParser())