如何在Express中生成CSRF令牌? [英] How do I generate CSRF tokens in Express?
本文介绍了如何在Express中生成CSRF令牌?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
新手。
我正在使用ExpressJS / Node。这是我的配置文件:
newbie. I'm using ExpressJS/Node. Here's my config stuff:
var express = require('express'),
app = express.createServer(),
jade=require('jade');
// Configuration
app.configure(function(){
app.set('views', __dirname + '/views');
app.use(express.logger());
app.use(express.cookieParser());
app.use(express.session({ secret: "secretive secret" }));
app.set('view engine', 'jade');
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(require('stylus').middleware({ src: __dirname + '/public' }));
app.use(app.router);
app.use(express.static(__dirname + '/public'));
app.use(express.csrf());
我发现csrf.js在Express目录中,看到它应该生成并分配给req.body._csrf,但是我不知道如何访问它。
I found csrf.js in Express directories, and see that it should be generated and assigned to req.body._csrf, but I'm not sure how to access it.
这里是csrf.js代码
Here's the csrf.js code
module.exports = function csrf(options) {
var options = options || {}
, value = options.value || defaultValue;
return function(req, res, next){
// generate CSRF token
var token = req.session._csrf || (req.session._csrf = utils.uid(24));
// ignore GET (for now)
if ('GET' == req.method) return next();
// determine value
var val = value(req);
// check
if (val != token) return utils.forbidden(res);
next();
}
};
帮助?谢谢!
推荐答案
动态帮助者自3.x以来已从Express中删除。
Dynamic helpers has been removed from Express since 3.x.
新的使用将是 app.use(express.csrf());
,它来自 Connect 。
The new usage would be app.use(express.csrf());
, which comes from Connect.
这篇关于如何在Express中生成CSRF令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文