Express.js csrf "misconfigured csrf" error


Problem description


I created a new Express app (4.13.1) and didn't add anything. I'll try to make it work with Angular, but I'm stuck in the first place.

I'm handling authentication using express-jwt (cookies) for now, so I'm not dealing with sessions (storing sessions in Redis, Mongo, etc) or something.

Here's what I've added to my app.js.

var csrf = require('csurf');

app.use(cookieParser('randomStringisHere222'));
app.use(csrf());
app.use(function(req, res, next) {
  res.cookie('XSRF-TOKEN', req.csrfToken());
  return next();
});

When I visit localhost:3000, I get the error above.

misconfigured csrf

Error: misconfigured csrf
    at getsecret (/Users/itsme/Desktop/k/node_modules/csurf/index.js:195:11)
    at csrf (/Users/itsme/Desktop/k/node_modules/csurf/index.js:60:18)
    at Layer.handle [as handle_request] (/Users/itsme/Desktop/k/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/itsme/Desktop/k/node_modules/express/lib/router/index.js:312:13)
    at /Users/itsme/Desktop/k/node_modules/express/lib/router/index.js:280:7
    at Function.process_params (/Users/itsme/Desktop/k/node_modules/express/lib/router/index.js:330:12)
    at next (/Users/itsme/Desktop/k/node_modules/express/lib/router/index.js:271:10)
    at cookieParser (/Users/itsme/Desktop/k/node_modules/cookie-parser/index.js:48:5)
    at Layer.handle [as handle_request] (/Users/itsme/Desktop/k/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/itsme/Desktop/k/node_modules/express/lib/router/index.js:312:13)

Solution

The code below is working for me. Let me know in case you still face an issue.

As mentioned, you are not using sessions, so you have to make csurf aware that you are using cookies for setting the CSRF token.

Step1: Configuration

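var bodyparser = require('body-parser');
var csrf = require('csurf');
var cookieParser = require('cookie-parser');

// cookieParser must be placed before csrf
app.use(bodyparser.urlencoded({extended: false}));
app.use(cookieParser('randomStringisHere222'));
// the cookie option makes csurf keep its secret in a cookie instead of req.session
app.use(csrf({cookie: {key: 'XSRF-TOKEN', path: '/'}}));

// add your app routes here (person and home are routers defined elsewhere)
app.use("/api", person);
app.use("/", home);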

Step2: In the route,

res.render('myViewPage',{csrfTokenFromServer:req.csrfToken()}); 

Step3: Include a hidden field in the HTML for the csrf token. Example:

<form action="/api/person" method="POST">
      <input type="hidden" name="_csrf" value="<%= csrfTokenFromServer %>" />
      First name:<br>
      <input type="text" name="firstname" value="">
      <br>
      Last name:<br>
      <input type="text" name="lastname" value="">
      <br><br>
      <input type="submit" value="Submit">
 </form>
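
As an added example (not part of the original answer, and not csurf's own source), the following models why `csrf()` throws "misconfigured csrf" when there is neither a session nor the `cookie` option, and how a secret kept in a cookie validates the `_csrf` form field. The function names and the HMAC-SHA256 token format are assumptions of this example; it uses only Node's built-in `crypto`.

```javascript
const crypto = require('crypto');

// Simplified model: the secret lives in req.session by default, or in a cookie
// bag when the `cookie` option is set.
function getSecretBag(req, opts) {
  if (opts.cookie) return opts.cookie.signed ? req.signedCookies : req.cookies;
  return req.session;
}

function getSecret(req, opts) {
  const bag = getSecretBag(req, opts);
  // No session middleware and no cookie option: nowhere to keep the secret.
  if (!bag) throw new Error('misconfigured csrf');
  return bag[opts.cookie ? opts.cookie.key : 'csrfSecret'];
}

// Assumed token format for this example: salt + '-' + HMAC-SHA256(secret, salt).
function mac(secret, salt) {
  return crypto.createHmac('sha256', secret).update(salt).digest('hex');
}
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('hex');
  return salt + '-' + mac(secret, salt);
}
function verifyToken(secret, token) {
  if (typeof secret !== 'string' || typeof token !== 'string') return false;
  const i = token.indexOf('-');
  if (i < 1) return false;
  const expected = Buffer.from(token.slice(0, i) + '-' + mac(secret, token.slice(0, i)));
  const given = Buffer.from(token);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

function demo() {
  // Constructed requests, not captured traffic.
  let questionError = null;
  try { getSecret({ cookies: {} }, {}); } catch (e) { questionError = e.message; }
  const opts = { cookie: { key: 'XSRF-TOKEN', path: '/' } };   // the answer's option
  const req = { cookies: { 'XSRF-TOKEN': crypto.randomBytes(18).toString('hex') }, body: {} };
  req.body._csrf = createToken(getSecret(req, opts));           // rendered into the hidden field
  return {
    questionError,
    validAccepted: verifyToken(getSecret(req, opts), req.body._csrf),
    otherSecretRejected: verifyToken('secret-from-another-browser', req.body._csrf),
    missingFieldRejected: verifyToken(getSecret(req, opts), undefined),
  };
}

console.log(demo());
```

In this model the cookie named by `key` carries the secret, and the value submitted in `_csrf` is a token derived from it, so a POST without the hidden field or from a browser holding a different secret is rejected.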
