Comments (2)
See the CSRF token guide:
For POST, PUT and DELETE requests, a valid CSRF token with the field name of _csrf must be sent as well. The local variable is set by server.js, so you can include it like this:
```html
<form action="/" method="POST">
  <input name="firstname">
  <input type="submit" value="Contact us">
  <input type="hidden" name="_csrf" value="{{csrf}}">
</form>
```
If you are using an API from JavaScript, such as the new fetch(), you can handle it this way:
```html
<!-- within your main template -->
<script>
window.csrf = '{{csrf}}';
</script>
```

```js
// Within your javascript.js/bundle.js/app.js
fetch('/', {
  method: 'POST',
  body: 'hello world',
  credentials: 'include', // Important! to maintain the session
  headers: { 'csrf-token': csrf } // From 'window'
}).then(res => res.text()).then(body => console.log(body));
```
Or you could also just disable it if you know what you are doing:

```js
server({ security: { csrf: false } }, ...);
```
from server.
For extra context (heh) for APIs, the CSRF token is in your context as ctx.csrf, so you can pass it along e.g. on login:

```js
const server = require('server');
const { get } = server.router;

get('/login', ctx => {
  // Do your logic (which produces `user`)
  return {
    user,
    csrf: ctx.csrf
  };
});
```
from server.