admin管理员组文章数量:1289393
I'm having an issue with doubleCsrf in my Express.js backend, and I keep getting the following error on every request:
ForbiddenError: invalid csrf token
at doubleCsrf (file:///Users/admin/Documents/backend/node_modules/csrf-csrf/lib/esm/index.js:13:35)
at file:///Users/admin/Documents/backend/routes/auth/csrfMiddleware.js:10:5
at ModuleJob.run (node:internal/modules/esm/module_job:218:25)
at async ModuleLoader.import (node:internal/modules/esm/loader:329:24)
at async loadESM (node:internal/process/esm_loader:28:7)
at async handleMainPromise (node:internal/modules/run_main:113:12) {
code: 'EBADCSRFTOKEN
Backend:
Here is my middleware setup in csrfMiddleware.js:
import { doubleCsrf } from "csrf-csrf";
import dotenv from 'dotenv';
dotenv.config();
const {
doubleCsrfProtection,
generateToken,
invalidCsrfTokenError
} = doubleCsrf({
getSecret: () => process.env.VITE_CSRF_SECRET,
cookieName: "XSRF-TOKEN",
cookieOptions: {
httpOnly: false,
secure: false,
sameSite: "Lax",
path: "/",
partitioned: true,
},
ignoredMethods: ["GET", "HEAD", "OPTIONS"],
getTokenFromRequest: (req) => {
console.log("CSRF-token from request headers:", req.headers["x-csrf-token"]);
console.log("CSRF-token from cookies:", req.cookies["XSRF-TOKEN"]);
return req.cookies["XSRF-TOKEN"];
},
});
export { doubleCsrfProtection, generateToken, invalidCsrfTokenError };
Then in** server.js,** I generate and store the CSRF token in a cookie:
app.get('/api/auth/csrf-token', (req, res) => {
const csrfToken = generateToken(req, res);
res.clearCookie("XSRF-TOKEN");
res.cookie("XSRF-TOKEN", csrfToken, {
httpOnly: false,
secure: false,
sameSite: "Lax",
path: "/"
});
res.json({ csrfToken });
});
//
版权声明:本文标题:javascript - Getting "ForbiddenError: invalid csrf token" with doubleCsrf in Express.js - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人,
转载请联系作者并注明出处:http://www.betaflare.com/web/1741471587a2380638.html,
本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论