CSURF角度实施 [英] CSURF Angular Implementation

问题描述

我一直试图做一个个人项目，我一直在一个csurf实现。我一直在寻找谷歌所有的地方，试图找出如何时，我没有使用像翡翠或EJS模板引擎在窗体上实现csurf。我的前preSS服务器也不能直接呈现网页，但主要是返回JSON。我已经我所有的前端被引用像这样

  app.use（如press.static（__目录名称+'/ WWW'））;
 

这是使用csurf我的服务器code看起来像这样

  app.use（csurf（））;app.use（功能（REQ，资源，下一个）{
    res.cookie（'XSRF-TOKEN，req.csrfToken（））;
  下一个（）;
}）;
 

在为HTML输入字段看起来像这样形式的前端。我也使用AngularJS并根据例子我都看见我应该做的就是这个。

 ＆LT;输入类型=隐藏的名字=_ CSRFVALUE ={{csrftoken}}＆GT;
 

我收到以下错误在终端

 错误：无效的CSRF令牌
 

如果我检查隐藏的输入，这是显示的内容。

 ＆LT;输入类型=隐藏的名字=_ CSRFVALUE =＆GT;
 

解决方案

在你的控制器，你需要设置一个局部变量来等于CSRF cookie的值

例如

  .controller（'YourCtrl'，函数（$饼干，$范围）{
    $ scope.csrftoken = $ cookies._csrf
  }
）;
 

有关这个例子工作，你将需要包括ngCookies模块，所以包括像这样在您的index.html

 ＆LT;脚本SRC =bower_components /角饼干/角cookies.js＆GT;＆LT; / SCRIPT＆GT;
 

然后添加依赖ngCookies'到您的模块。

I have been trying to do a csurf implementation on a personal project I have been working on. I have been searching google all over the place to try to figure out how to implement csurf on a form when I am not using a templating engine like Jade or EJS. My express server is also not directly rendering the pages but is mainly returning JSON. I have all of my front end being referenced like so

app.use(express.static(__dirname + '/www'));

my server code that is using the csurf looks like this

app.use(csurf());

app.use(function (req, res, next) {
    res.cookie('XSRF-TOKEN', req.csrfToken());
  next();
});

On the front end for the form the html input field looks like this. I am also using AngularJS and based on examples I have seen all I should have to do is this.

<input type="hidden" name="_csrf" value="{{csrftoken}}">

I am getting the following error in the terminal

Error: invalid csrf token

If I inspect the hidden input this is what is displayed.

<input type="hidden" name="_csrf" value="">

解决方案

In your controller, you need to set a local variable to equal the value of the csrf cookie

e.g.

.controller('YourCtrl', function($cookies, $scope) {
    $scope.csrftoken = $cookies._csrf
  }
);

For that example to work you will need to include the ngCookies module, so include something like this in your index.html

<script src="bower_components/angular-cookies/angular-cookies.js"></script>

And then add the dependency 'ngCookies' to your module.

这篇关于CSURF角度实施的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！