Comments (2)
franciscop
commented on June 5, 2024
See the CSRF token guide:
For POST, PUT and DELETE requests a valid CSRF token with the field name of _csrf must be sent as well. The local variable is set by server.js so you can include it like this:
<form action="/" method="POST">
<input name="firstname">
<input type="submit" value="Contact us">
<input type="hidden" name="_csrf" value="{{csrf}}">
</form>If you are using an API from Javascript, such as the new fetch() you can handle it this way:
<!-- within your main template -->
<script>
window.csrf = '{{csrf}}';
</script>
// Within your javascript.js/bundle.js/app.js
fetch('/', {
method: 'POST',
body: 'hello world',
credentials: 'include', // Important! to maintain the session
headers: { 'csrf-token': csrf } // From 'window'
}).then(...);Or you could also just disable it if you know what you are doing:
server({ security: { csrf: false } }, ...);from server.
franciscop
commented on June 5, 2024
For extra context (heh) for APIs, the CSRF token is in your context as ctx.csrf so you can pass it along e.g. on login:
get('/login', ctx => {
// Do your logic
return {
user,
csrf: ctx.csrf
};
});from server.
Related Issues (20)
- When trying to render page I get ERROR { Error: Your middleware did not return anything to the user. This normally happens when no route was matched or if the router did not reply with anything. HOT 5
- Improve the UI of the documentation site HOT 2
- throw new TypeError('argument res is required') HOT 2
- How to configure socket.io? HOT 5
- TypeScript HOT 1
- Handling file uploads with multipart/form-data POST requests HOT 6
- Upgrading Helmet to the next major version HOT 3
- How to configure https server ? HOT 2
- How to create, set a name and send a file dynamically create HOT 9
- Basic usage example in docs is incorrect HOT 2
- Issues running cookie test code HOT 5
- Bug method POST vs PUT is not working
- How integrat ApolloGraphql use serverjs HOT 1
- Any schedule for migrating to socket.io 4.x? HOT 6
- Heroku wrong IP HOT 2
- Add CORS package to the core HOT 1
- Change csurf to something maintained HOT 1
- Update formidable HOT 1
- [PSA] update to [email protected] for `rediss://` usage
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from server.