CSRF form submission problem
Posted 11 years ago by pengqinglan · 4818 views · last edited 8 years ago

After submitting, the following error is shown:

Express

403 Error: invalid csrf token
at createToken (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/node_modules/csurf/index.js:73:19)
at Object.handle (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/node_modules/csurf/index.js:47:24)
at next (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/lib/proto.js:193:15)
at Object.staticMiddleware [as handle] (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/node_modules/serve-static/index.js:55:61)
at next (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/lib/proto.js:193:15)
at Object.methodOverride [as handle] (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/node_modules/method-override/index.js:48:5)
at next (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/lib/proto.js:193:15)
at multipart (/home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/lib/middleware/multipart.js:93:27)
at /home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:64:9
at /home/lan/Desktop/node/MyBlog/node_modules/express/node_modules/connect/lib/middleware/urlencoded.js:73:7

The app configuration is as follows:

app.set('port', process.env.PORT || 3000);
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.set('view options', { layout: true });
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.cookieParser());
app.use(express.session({
    secret: "golb",
    cookie: { maxAge: 24 * 60 * 60 * 1000 },
    store: new mongoStore({
        url: utils.dbConnectionUrl(config.db)
    })
}));
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.csrf());
app.use(function(req, res, next) {
    res.locals.token = req.session._csrf;
    next();
});
app.use(function(req, res, next) {
    res.locals.session = req.session;
    next();
});
3 replies

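I also added input(type='hidden', name='_csrf', value='#{token}') to the form. I'm a newcomer who has just started with node and struggled with this all yesterday afternoon. Please explain, I would be very grateful!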

I'm looking for an answer to the same problem. Has the original poster solved it? Could you share the solution?

Try changing it like this: res.locals.token = req.session._csrf; --> res.locals.token = req.csrfToken();
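Added example (not code from this thread and not csurf's source): a simplified model of a CSRF middleware that keeps only a secret in the session and derives the token on demand through req.csrfToken(). In such a scheme a template fed from req.session._csrf embeds nothing valid and the POST is rejected with 403. The names csrfModel, makeToken, checkToken, simulate and the session field csrfSecret are assumptions made for the illustration.

```javascript
// Simplified model of a secret-in-session, token-on-demand CSRF scheme.
// Assumed names: csrfModel, makeToken, checkToken, simulate, session.csrfSecret.
const crypto = require("crypto");

// Token = salt + "-" + HMAC(secret, salt); a fresh salt gives a fresh token per call.
function makeToken(secret, salt = crypto.randomBytes(8).toString("hex")) {
  const mac = crypto.createHmac("sha256", secret).update(salt).digest("hex");
  return salt + "-" + mac;
}

function checkToken(secret, token) {
  if (typeof token !== "string" || !token.includes("-")) return false;
  const expected = Buffer.from(makeToken(secret, token.split("-")[0]));
  const given = Buffer.from(token);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Express-style (req, res, next) middleware: only the secret lives in the session.
function csrfModel(req, res, next) {
  if (!req.session.csrfSecret) {
    req.session.csrfSecret = crypto.randomBytes(18).toString("hex");
  }
  req.csrfToken = () => makeToken(req.session.csrfSecret);
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return next();
  const sent = req.body && req.body._csrf;
  if (!checkToken(req.session.csrfSecret, sent)) {
    const err = new Error("invalid csrf token");
    err.status = 403;
    return next(err);
  }
  next();
}

// Constructed requests: a GET that renders the form, then a POST that submits it.
function simulate(tokenFor) {
  const session = {};
  const get = { method: "GET", session };
  csrfModel(get, {}, () => {});
  const rendered = tokenFor(get); // value the template would put in the hidden input
  const post = { method: "POST", session, body: { _csrf: rendered } };
  let result = "ok";
  csrfModel(post, {}, (err) => { if (err) result = err.status + " " + err.message; });
  return result;
}

console.log("req.session._csrf ->", simulate((req) => req.session._csrf));
console.log("req.csrfToken()   ->", simulate((req) => req.csrfToken()));
```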
