Error: misconfigured csrf - Express.js

Time: 2017-03-01 12:31:57

Tags: javascript express csrf

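I am getting Error: misconfigured csrf when trying to access the login page. I am implementing csurf on a router, but I just get a response with status code 500.

Implementation: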

let router = require("express").Router();

let PostLoginResource = require("./../resources/PostLoginResource");
let RateLimit = require("express-rate-limit");
let csrf = require("csurf");

let csrfProtection = csrf({ cookie: true });

router.route("/login")
    .get(csrfProtection, function(req, res) {
        // Do some stuff
    })

    .post(loginLimiter, function(req, res) {

        PostLoginResource(req, function(success, err) {
            // Do some stuff
        })

    });

I set up the session cookie in app.js before using this module:

// Parse the request body as JSON
app.use(bodyParser.json());

// Parse the URL encoded data
app.use(bodyParser.urlencoded({extended: true}));

// Set up session-cookie
app.use(session({
    secret: "secret",
    resave: false,
    saveUninitialized: true,
    cookie: {secure: true,
        httpOnly: true,
        maxAge: 1000 * 60 * 60 * 24
    }
}));

However, this does not work. Does anyone know what the problem is?

1 answer:

Answer 0: (score: 0)

var cookieParser = require('cookie-parser')

// parse cookies
// we need this because "cookie" is true in csrfProtection

app.use(cookieParser())
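
A dependency-free model of the ordering problem the answer points at, added here as an example and not taken from the post or from csurf's source. `cookieParser`, `csrfCookieMode` and `run` are simplified stand-ins (assumptions) for cookie-parser, `csrf({ cookie: true })` and Express's middleware chain, with an HMAC token in place of csurf's real token format.

```javascript
const crypto = require("crypto");

// Stand-in for cookie-parser: fills req.cookies from the Cookie header.
function cookieParser(req, res, next) {
  req.cookies = {};
  for (const pair of (req.headers.cookie || "").split(";")) {
    const i = pair.indexOf("=");
    if (i > 0) req.cookies[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  next();
}

// Simplified model of csrf({ cookie: true }): the secret is kept in a cookie,
// so the middleware depends on req.cookies already being populated.
function csrfCookieMode(req, res, next) {
  if (!req.cookies) return next(new Error("misconfigured csrf")); // no parser ran
  let secret = req.cookies._csrf;
  if (!secret) {
    secret = crypto.randomBytes(18).toString("hex");
    res.setCookie = "_csrf=" + secret; // a real response would send Set-Cookie
  }
  const token = crypto.createHmac("sha256", secret).update("csrf").digest("hex");
  req.csrfToken = () => token;
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return next();
  const sent = Buffer.from(String(req.headers["x-csrf-token"] || ""));
  const want = Buffer.from(token);
  const ok = sent.length === want.length && crypto.timingSafeEqual(sent, want);
  next(ok ? undefined : new Error("invalid csrf token"));
}

// Runs middleware in registration order, like app.use(); stops at the first error.
function run(chain, req) {
  const res = {};
  let error = null;
  let i = 0;
  const next = (err) => {
    if (err) { error = err; return; }
    const mw = chain[i++];
    if (mw) mw(req, res, next);
  };
  next();
  return { error: error && error.message, req, res };
}

// Constructed requests: the page's setup (no cookie parser), then the fixed order.
const broken = run([csrfCookieMode], { method: "GET", headers: {} });
const fixed = run([cookieParser, csrfCookieMode], { method: "GET", headers: {} });
console.log(broken.error, "|", fixed.error, "|", typeof fixed.req.csrfToken);
```

With the real modules the same ordering applies: `app.use(cookieParser())` has to be registered before the router that uses `csrfProtection`. In the question's router only the GET handler has `csrfProtection`, so the POST `/login` handler checks tokens only if the middleware is added to that route as well.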