Angular, Expressjs and Lusca csrf protection

Problem description

I am investigating csrf protection with my Angularjs and Expressjs (4.x) app.

I am currently trying to get Lusca (https://www.npmjs.org/package/lusca) to work having not been successful with the standard csrf package (https://www.npmjs.org/package/csrf).

I have included lusca like so:

var lusca = require('lusca');
app.use(lusca.csrf());

and in my Angularjs app I have this in my main app.js file:

app.run(function($rootScope, $http, $cookies, user) {

  $http.defaults.headers.post['x-csrf-token'] = $cookies._csrf;

});

however, I'm always getting a 403 error when I try to POST anything to the node server. Can anyone help or even show me the way with the standard csrf package?

Recommended answer

You should read https://docs.angularjs.org/api/ng/service/$http at the bottom where they talk about XSRF protection

this would be a configuration example to set both the header and the cookie

app.config(['$httpProvider', function($httpProvider) {
    // Placeholder values: replace with the header and cookie names used by the server.
    $httpProvider.defaults.xsrfHeaderName="xsrf header name";
    $httpProvider.defaults.xsrfCookieName="xsrf cookie name";
}]);
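
The contract behind this configuration, as an added example that is not part of the original answer and is not Lusca's or AngularJS's own code: a simplified model, using only Node's `crypto` module, in which the server issues a token in a cookie and accepts a POST only when the same value comes back in the agreed header. The function names and the `serverConfig` object are hypothetical; `XSRF-TOKEN` and `X-XSRF-TOKEN` are the defaults described in the AngularJS `$http` documentation.

```javascript
const crypto = require('crypto');

// Hypothetical server settings: the cookie the token is published in and
// the request header it must come back in (header keys are lower-cased).
const serverConfig = { cookieName: 'XSRF-TOKEN', headerName: 'x-xsrf-token' };

// Server: create a per-session token and expose it in a script-readable cookie.
function issueToken(session, cookies, cfg) {
  session.csrfToken = crypto.randomBytes(32).toString('hex');
  cookies[cfg.cookieName] = session.csrfToken;
}

// Client (model of what $http does): copy the configured cookie into the
// configured header. If the cookie does not exist, no header is sent.
function buildPostHeaders(cookies, clientCfg) {
  const headers = {};
  const value = cookies[clientCfg.xsrfCookieName];
  if (value !== undefined) {
    headers[clientCfg.xsrfHeaderName.toLowerCase()] = value;
  }
  return headers;
}

// Server: compare the header with the session token in constant time and
// return the HTTP status the POST would receive.
function verifyPost(session, headers, cfg) {
  const sent = headers[cfg.headerName];
  const expected = session.csrfToken;
  if (typeof sent !== 'string' || typeof expected !== 'string') return 403;
  const a = Buffer.from(sent);
  const b = Buffer.from(expected);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 403;
  return 200;
}

// One round trip: issue a token, build the client's POST, verify it.
function simulate(clientCfg) {
  const session = {};
  const cookies = {};
  issueToken(session, cookies, serverConfig);
  return verifyPost(session, buildPostHeaders(cookies, clientCfg), serverConfig);
}

// Constructed client configurations: names that match the server, and names
// that do not (cookie `_csrf`, header `x-csrf-token`, as in the question).
console.log(simulate({ xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN' }));
console.log(simulate({ xsrfCookieName: '_csrf', xsrfHeaderName: 'x-csrf-token' }));
```
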
