问题描述
我正在尝试首次实现csrf令牌,但遇到了问题。我已经工作了几个小时,却无法解决它。以下是我遇到的错误:
ForbiddenError: invalid csrf token
app.js
const express = require('express')
const app = express()
const router = require('./router')
const cookieParser = require('cookie-parser')
const session = require('express-session')
const flash = require('connect-flash')
const dotenv = require('dotenv')
const csrf = require('csurf')
dotenv.config()
app.use(express.urlencoded({extended: false}))
app.use(express.json())
app.use(express.static('public'))
app.use(cookieParser('secret'))
app.use(session({
secret: 'secret',cookie: {maxAge: null},resave: false,saveUninitialized: false
}))
app.use(flash())
app.set('views','views')
app.set('view engine','ejs')
app.use(csrf())
app.use(function(req,res,next) {
res.locals.csrftoken = req.csrftoken()
next()
})
app.use('/',router)
app.use(function (req,next) {
res.status(404).render('404')
})
app.use(function (err,req,next) {
console.error(err.stack)
res.status(500).render('404')
})
app.listen(process.env.PORT)
router.js
const express = require('express')
const multer = require('multer')
const multerConfigOpts = require('./multer.config')
const router = express.Router()
const userController = require('./controllers/userController')
const csrf = require('csurf')
var csrfProtection = csrf({ cookie: true })
// set multer configuration options
const upload = multer(multerConfigOpts)
router.get('/',userController.home)
router.get('/about',userController.about)
router.get('/employer',userController.employer)
router.get('/jobSeeker',userController.jobSeeker)
router.get('/ourProcess',userController.process)
router.get('/contact',userController.contactUs)
// Talent Request Post related routes
router.post('/talentrequest',upload.none(),userController.requestTalent)
// Job Request Post related routs
router.post('/jobrequest',csrfProtection,upload.single('resume'),userController.requestJob)
module.exports = router
我的表单示例:
<form action="/jobrequest" method="POST" enctype="multipart/form-data">
<input type="hidden" name="_csrf" value="<%= csrftoken %>">
<button type="submit" class="btn--form-submit">Submit</button>
</div>
</form>
还有更多的数据字段,我只是不想用不必要的代码来夸大问题。我一直在阅读其他人在表单中使用multipart时也遇到类似的问题,但是我似乎无法弄清楚。
我知道我的令牌是在表单内部生成的,但是我不确定它是否可以正确传递。任何帮助或指针,将不胜感激。谢谢
解决方法
因此,我可以通过在表单中添加以下内容并从表单中删除reinterpret_cast来找到解决方案的方法
reinterpret_cast一切正常。谁能解释与此相关的潜在风险?