问题描述
我试图让 csurf 工作,但似乎偶然发现了一些东西。到目前为止的代码如下所示:
index.ejs
<form method="post" action="/add">
<input type="hidden" name="_csrf" value="<%= csrftoken %>"></form>
app.js
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
const mongoose = require('mongoose');
var session = require('express-session');
var MongoDBStore = require('connect-mongodb-session')(session);
var flash = require('req-flash');
var multer = require('multer');
var csrf = require('csurf');
var indexRouter = require('./routes/index');
var usersRouter = require('./routes/users');
var store = new MongoDBStore ({
uri: 'mongodb+srv:',collection: 'my Session'
});
var app = express();
// view engine setup
app.set('views',path.join(__dirname,'views'));
app.set('view engine','ejs');
var csrfProtection = csrf({});
app.use(session({
secret: 'keyboard cat',resave: false,saveUninitialized: false,store: store,// cookie: { secure: true }
}))
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname,'public')));
app.use('/images',express.static(path.join(__dirname,'images')));
app.use(csrfProtection);
app.use(flash());
app.use('/',indexRouter);
app.use('/users',usersRouter);
// catch 404 and forward to error handler
app.use(function(req,res,next) {
next(createError(404));
});
// error handler
app.use(function(err,req,next) {
// set locals,only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
index.js
exports.getStudent = (req,next) => {
Student.find()
.then(students => {
console.log(students);
res.render('studentList',{
studentlist: students,title : 'Student List',path: '/studentList',isAuth : req.session.isLoggedIn,csrftoken : req.csrftoken()
});
// console.log( req.session.isLoggedIn,'32')
})
};
提交表单后得到的结果,无论我输入的用户名和密码是否正确,仍然出现相同的错误:
无效的 csrf 令牌
403
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)