我在 AWS 服务器上得到 `ForbiddenError: invalid csrf token`，但同样的代码在 localhost 上工作正常。
我已经尝试过其他关于stackoverflow的解决方案,但似乎没有用。
我正在附加服务器文件和路由器文件。请检查代码
SERVER.js
const express = require('express');
const mongoose = require('mongoose');
const passport = require('passport');
const cookieparser = require('cookie-parser');
const bodyParser = require('body-parser');
const session = require('express-session');
/******************************************
* RUNNING EXPRESS MIDDLEWARE
*****************************************/
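const app = express();
/******************************************
 * BODY PARSER INITIALIZATION
 * Parses form-encoded and JSON bodies. csurf (mounted in the user router)
 * reads the token from `req.body._csrf`, so body parsing must be registered
 * before that router.
 *****************************************/
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
/******************************************
 * COOKIE PARSER / SESSION INITIALIZATION
 * cookie-parser fills `req.cookies`; csurf in cookie mode looks there for
 * its `_csrf` secret, so it has to run before the router as well.
 *****************************************/
app.use(cookieparser());
// The session secret used to be a string literal committed to source (and it
// has now been published together with this listing). Anyone holding that
// value can forge signed session cookies, so treat it as compromised, rotate
// it, and supply the new one through SESSION_SECRET. Outside production the
// old literal is still accepted so local runs keep working; in production a
// missing secret is a hard startup error rather than a silent weak default.
const sessionSecret =
  process.env.SESSION_SECRET ||
  (process.env.NODE_ENV !== 'production' ? 'mysuperAdminDavis@HasCookire' : undefined);
if (!sessionSecret) {
  throw new Error('SESSION_SECRET must be set when NODE_ENV=production');
}
// NOTE(review): nothing visible in this file reads the session (csurf is in
// cookie mode and passport.session() is never mounted) — confirm it is needed.
app.use(session({ secret: sessionSecret, resave: false, saveUninitialized: false }));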
/******************************************
* DATABASE INITILIZATION
*****************************************/
const db = require('./config/keys').mongoURI;
// Driver options; useFindAndModify/useCreateIndex are legacy Mongoose 5 flags.
const mongooseOptions = {
  useNewUrlParser: true,
  useFindAndModify: false,
  useCreateIndex: true,
};
// Connection outcome is only logged; the server keeps starting either way,
// so a bad URI surfaces as failing requests rather than a failed boot.
const onDbConnected = () => console.log('Database Connected Successfully!!!!');
const onDbError = (err) => console.log(`Error while connecting to Database${err}`);
mongoose.connect(db, mongooseOptions).then(onDbConnected).catch(onDbError);
/******************************************
 * PASSPORT INITIALIZATION
 * initialize() attaches passport to every request; ./config/passport is
 * loaded for its side effects (presumably strategy registration — not
 * visible here).
 *****************************************/
app.use(passport.initialize());
require('./config/passport');
/******************************************
* CORS CONFIGURATION
* app.use(( req,res,next ) => {
res.header("Access-Control-Allow-Origin","*");
res.header("Access-Control-Allow-Headers",
"*");
res.header("Access-Control-Allow-Credentials", "*")
if( req.method === "OPTIONS" ){
res.header('Access-Control-Allow-Methods','PUT, POST, PATCH, DELETE, GET ');
return res.status(200).json({});
}
next();
})
* CROSS-SITE ORIGIN - ALLOW
* *****************************************/
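// CORS. Both the commented-out block above and the original middleware here
// answered every request with `Access-Control-Allow-Origin: *`. Browsers do
// not attach cookies to a cross-origin request whose response carries `*`
// (and `Access-Control-Allow-Headers: *` is ignored for credentialed
// requests). csurf in cookie mode (see the user router) needs the `_csrf`
// cookie back on the POST, so when the API is called from a different
// origin — typical once deployed, whereas a dev proxy makes localhost
// same-origin — the token is rejected as "invalid csrf token". This is the
// most likely cause of the localhost-vs-AWS difference reported with this
// listing. Fix: set CORS_ORIGIN to the exact frontend origin(s), comma
// separated, and send the request with `credentials: 'include'` (fetch) or
// `withCredentials: true` (axios/XHR) on the client.
const allowedOrigins = (process.env.CORS_ORIGIN || '')
  .split(',')
  .map((o) => o.trim())
  .filter(Boolean);

app.use((req, res, next) => {
  const origin = req.headers.origin;
  if (allowedOrigins.length === 0) {
    // No allow-list configured: keep the previous wide-open behaviour. This
    // cannot carry cookies, so cookie-based CSRF will keep failing cross-origin.
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Headers', '*');
  } else if (origin !== undefined && allowedOrigins.includes(origin)) {
    // Echo the matching origin (never `*`) so the browser will send cookies.
    res.header('Access-Control-Allow-Origin', origin);
    res.vary('Origin'); // response differs per Origin; keep caches honest
    res.header('Access-Control-Allow-Credentials', 'true');
    // Wildcards are not honoured for credentialed requests: list headers
    // explicitly. Extend this list if the client sends anything else.
    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, CSRF-Token');
    res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE');
  }
  // Unknown origins get no CORS headers at all, which the browser then blocks.
  // Preflights are answered here instead of falling through to the router.
  if (req.method === 'OPTIONS') {
    return res.sendStatus(204);
  }
  next();
});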
/******************************************
* ROUTER
*****************************************/
// NOTE(review): the router listing is labelled userRouter.js but is required
// here as ./server/Routes/userRoutes — confirm the file name on disk matches.
const userRoutes = require('./server/Routes/userRoutes');
app.use('/user', userRoutes);
/******************************************
 * START EXPRESS SERVER AT PORT 5001
 * PORT comes from the environment when set (AWS/PaaS style), else 5001.
 *****************************************/
const PORT = process.env.PORT || 5001;
function onListening() {
  console.log(`Content CMS started on ${PORT}`);
}
app.listen(PORT, onListening);
userRouter.js
var express = require('express');
var router = express.Router();
var csrf = require('csurf');
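/***********************************
 * CSRF PROTECTION (double-submit cookie)
 * csurf in cookie mode stores its secret in a `_csrf` cookie (read back via
 * cookie-parser, which the server mounts first) and rejects every request
 * that is not GET/HEAD/OPTIONS unless it carries a matching token in
 * `req.body._csrf`, the `_csrf` query parameter, or a CSRF-Token /
 * X-CSRF-Token style header. Cookie and token must arrive together: if the
 * browser does not send the `_csrf` cookie with the POST — a cross-origin
 * request made without credentials, or one answered with
 * `Access-Control-Allow-Origin: *` — the freshly issued token is still
 * rejected with 403 "invalid csrf token".
 * NOTE(review): if the frontend is served from a different *site* (not just
 * a different port), the cookie additionally needs `sameSite: 'none'` and
 * `secure: true` over TLS — confirm the deployment topology before adding.
 * NOTE(review): csurf is deprecated and unmaintained upstream; plan a move
 * to a maintained CSRF middleware.
 ***********************************/
const csrfProtection = csrf({
  cookie: {
    // The secret cookie is only ever read by csurf on the server; the page
    // obtains its token from /getCsrfToken, so scripts need no access to it.
    httpOnly: true,
  },
});
router.use(csrfProtection);
/***********************************
 * CSRF TOKEN FOR USER ROUTES
 * @DESC - GET CSRFTOKEN FOR PROTECTION
 * @ACCESS - PUBLIC
 * Responds with the token as a bare JSON string (unchanged wire format).
 * csrfProtection already ran via router.use above; the original listing
 * passed it a second time here, and as far as csurf's cookie mode goes the
 * second pass does not see the cookie the first pass just queued, so it
 * generates another secret and appends a second `_csrf` Set-Cookie.
 ***********************************/
router.get('/getCsrfToken', (req, res) => {
  return res.json(req.csrfToken());
});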
/**
 * POST /user/login — placeholder handler. By the time it runs, the
 * csrfProtection registered with router.use above has already validated
 * the `_csrf` token, so reaching this body means the token was accepted.
 */
function postLogin(req, res) {
  res.send('Hello send');
}

/** GET /user/login — placeholder handler (GET is not CSRF-checked by csurf). */
function getLogin(req, res) {
  res.send('Hello');
}

router.post('/login', postLogin);
router.get('/login', getLogin);

module.exports = router;
我先调用 GET 接口 /user/getCsrfToken，它会返回 csrf token；然后向 /user/login 发送 POST 请求，负载为：
{
_csrf : "<csrfToken>",
email : "sasd@gmail.com",
password : "asdasd"
}
但响应始终是 “Forbidden: invalid csrf token”。