Sailsjs + vuejs + axios + CSRF令牌 [英] Sailsjs + vuejs + axios + CSRF tokens

问题描述

我有些事不明白.总是收到错误403.我在frontend(vue.js)中有一个代码，在这里我从Sails.js中获得了一个令牌_csrf，没关系.

i some thing not understand. Always get an error 403. I have a code in frontend(vue.js), here I get a token _csrf from Sails.js, its ok.

axios.get('http://localhost:1337/csrfToken')
        .then(response => {

            this.$store.commit('csrf_update', response.data._csrf);
            console.log("_csrf===",response.data._csrf);
            axios.defaults.headers.post['X-CSRF-Token'] = response.data._csrf;
        })

我有一个后端sails.js，在security.js中设置

And i have a backend sails.js, settings in security.js

cors: {
 allRoutes: true,
 allowOrigins: 'http://localhost:8080',
 allowCredentials: false,
 allowRequestMethods:'GET, POST',
 allowRequestHeaders:'content-type, X-CSRF-Token'}, csrf: true

我有一个像这样的令牌_csrf: lM8avM1X-KvKz9v2zLnbQZFf8lKOThX9Llb4 并且在请求时出现错误403.

i have a token like that _csrf: lM8avM1X-KvKz9v2zLnbQZFf8lKOThX9Llb4 And i have error 403 when request.

axios.post('http://localhost:1337/login', form)
    .then(response => {
        this.$router.push('/kabinet');
    }).catch(error => { console.log(error); });

列表403

那是我的标题

标题

怎么了?

推荐答案

因此，一切都非常简单. 在(sails.js)文件security.js中更改allowCredentials: true上的allowCredentials: false，并在前端(vue.js)中更改轴距，像这样添加参数withCredentials: true

So, everything was very simple. In the (sails.js) file security.js to change allowCredentials: false on allowCredentials: true, and in frontend (vue.js) change axion, add parameter withCredentials: true like this

axios.get('http://localhost:1337/csrfToken',{ 
withCredentials: true
}).then(response => {
            console.log("_csrf===",response.data._csrf);
            axios.defaults.headers.post['X-CSRF-Token'] = response.data._csrf;
})

，并且在所有axios中，请求必须为withCredentials: true

and in all axios requests must be withCredentials: true

这篇关于Sailsjs + vuejs + axios + CSRF令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！