最新版本的 express使用csrf问题
app.js
/**
* Module dependencies.
*/
var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');
var app = express();
// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(express.cookieParser('sdfs'));
app.use(express.session());
app.use(express.csrf());
app.use(function(req,res,next){
res.locals.token = req.csrfToken()
next();
});
app.use(app.router);
app.use(require('less-middleware')({ src: path.join(__dirname, 'public') }));
app.use(express.static(path.join(__dirname, 'public')));
// development only
if ('development' == app.get('env')) {
app.use(express.errorHandler());
}
app.get('/', routes.index);
/**
* 用户相关操作
*/
app.get('/users', user.list);
app.get('/reg',user.reg);
app.post('/disposeReg',user.disposeReg);
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});
页面使用 <input type=“hidden” name="_csrf" value="<%= token %>>">
一直提示430错误,然后看到吗csrf一直在变