CSURF角度实施 [英] CSURF Angular Implementation
问题描述
我一直试图做一个个人项目,我一直在一个csurf实现。我一直在寻找谷歌所有的地方,试图找出如何时,我没有使用像翡翠或EJS模板引擎在窗体上实现csurf。我的前preSS服务器也不能直接呈现网页,但主要是返回JSON。我已经我所有的前端被引用像这样
app.use(如press.static(__目录名称+'/ WWW'));
这是使用csurf我的服务器code看起来像这样
app.use(csurf());app.use(功能(REQ,资源,下一个){
res.cookie('XSRF-TOKEN,req.csrfToken());
下一个();
});
在为HTML输入字段看起来像这样形式的前端。我也使用AngularJS并根据例子我都看见我应该做的就是这个。
<输入类型=隐藏的名字=_ CSRFVALUE ={{csrftoken}}>
我收到以下错误在终端
错误:无效的CSRF令牌
如果我检查隐藏的输入,这是显示的内容。
<输入类型=隐藏的名字=_ CSRFVALUE =>
在你的控制器,你需要设置一个局部变量来等于CSRF cookie的值
例如
.controller('YourCtrl',函数($饼干,$范围){
$ scope.csrftoken = $ cookies._csrf
}
);
有关这个例子工作,你将需要包括ngCookies模块,所以包括像这样在您的index.html
<脚本SRC =bower_components /角饼干/角cookies.js>< / SCRIPT>
然后添加依赖ngCookies'到您的模块。
I have been trying to do a csurf implementation on a personal project I have been working on. I have been searching google all over the place to try to figure out how to implement csurf on a form when I am not using a templating engine like Jade or EJS. My express server is also not directly rendering the pages but is mainly returning JSON. I have all of my front end being referenced like so
app.use(express.static(__dirname + '/www'));
my server code that is using the csurf looks like this
app.use(csurf());
app.use(function (req, res, next) {
res.cookie('XSRF-TOKEN', req.csrfToken());
next();
});
On the front end for the form the html input field looks like this. I am also using AngularJS and based on examples I have seen all I should have to do is this.
<input type="hidden" name="_csrf" value="{{csrftoken}}">
I am getting the following error in the terminal
Error: invalid csrf token
If I inspect the hidden input this is what is displayed.
<input type="hidden" name="_csrf" value="">
In your controller, you need to set a local variable to equal the value of the csrf cookie
e.g.
.controller('YourCtrl', function($cookies, $scope) {
$scope.csrftoken = $cookies._csrf
}
);
For that example to work you will need to include the ngCookies module, so include something like this in your index.html
<script src="bower_components/angular-cookies/angular-cookies.js"></script>
And then add the dependency 'ngCookies' to your module.
这篇关于CSURF角度实施的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!