如何解决 Express.js 中的 ForbiddenError:无效的 csrf 令牌(invalid csrf token),但已存储在数据库中
我想让 csurf 正常工作,但似乎遇到了问题。目前的代码如下:
index.ejs
<%# CSRF hidden field. "csrftoken" must be the exact local name the route passes to res.render(); the escaped output tag is used, so the value is HTML-escaped. %>
<%# NOTE(review): as shown, the form closes right after the hidden field; the excerpt presumably omits the other inputs. They need to sit inside this same form so the token is posted with them. %>
<form method="post" action="/add">
<input type="hidden" name="_csrf" value="<%= csrftoken %>"></form>
app.js
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
const mongoose = require('mongoose');
var session = require('express-session');
var MongoDBStore = require('connect-mongodb-session')(session);
var flash = require('req-flash');
var multer = require('multer');
var csrf = require('csurf');
var indexRouter = require('./routes/index');
var usersRouter = require('./routes/users');
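// Session store backed by MongoDB. The URI on the page is truncated; a real
// connection string carries credentials and belongs in configuration, not in
// source control.
const store = new MongoDBStore({
  uri: 'mongodb+srv:',
  collection: 'my Session',
});

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// With default options csurf keeps its per-user secret in req.session, so it
// has to be mounted after the session middleware (it is, further down).
const csrfProtection = csrf({});

app.use(
  session({
    // NOTE(review): 'keyboard cat' is a publicly known sample value. Anyone
    // who knows the secret can produce validly signed session cookies, so a
    // deployment needs a long random secret loaded from configuration.
    secret: 'keyboard cat',
    resave: false,
    saveUninitialized: false,
    store: store,
    // NOTE(review): enable `cookie: { secure: true }` once the app is served
    // over HTTPS so the session cookie is never sent over plain HTTP.
    // cookie: { secure: true }
  })
);

app.use(logger('dev'));

// Body parsers run before csurf so the `_csrf` form field is available on
// req.body when the token is checked.
// NOTE(review): neither parser handles multipart/form-data; if the real form
// is multipart, csurf will not find `_csrf` in the body and will reject the
// request. Confirm against the actual form.
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());

// Static assets are served before CSRF protection; they are read-only.
app.use(express.static(path.join(__dirname, 'public')));
app.use('/images', express.static(path.join(__dirname, 'images')));

app.use(csrfProtection);
app.use(flash());

app.use('/', indexRouter);
app.use('/users', usersRouter);

// catch 404 and forward to error handler
app.use((req, res, next) => {
  next(createError(404));
});

// error handler
// Express only treats a middleware as an error handler when it declares four
// parameters. The original three-parameter form was never invoked for errors
// and referenced an undefined `res`.
app.use((err, req, res, next) => {
  // set locals, only exposing the error object (and its stack) in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});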
index.js
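/**
 * Render the student list page together with a fresh CSRF token for its form.
 *
 * Express calls route handlers with (req, res, next); the original declared
 * only (req, next), which left `res` undefined inside the handler.
 *
 * @param {object} req - Express request; reads req.session.isLoggedIn and
 *   calls req.csrfToken(), which the csurf middleware adds.
 * @param {object} res - Express response used to render 'studentList'.
 * @param {Function} next - Receives any error from the query or the render.
 */
exports.getStudent = (req, res, next) => {
  Student.find()
    .then((students) => {
      // The debug dump of the full student records was removed: it wrote
      // personal data to the application log on every page view.
      res.render('studentList', {
        studentlist: students,
        title: 'Student List',
        path: '/studentList',
        isAuth: req.session.isLoggedIn,
        // csurf exposes the generator as req.csrfToken (capital T). The
        // lower-case call threw a TypeError before the page could render.
        csrftoken: req.csrfToken(),
      });
    })
    // Without a rejection handler a failed query or render error became an
    // unhandled rejection and the request never received a response.
    .catch(next);
};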
提交表单后得到的结果,无论我输入的用户名和密码是否正确,仍然出现相同的错误:
ForbiddenError: invalid csrf token(无效的 csrf 令牌)
403