Reputation: 60
NodeJS how to set csrf token correctly?
This is a continuation of this question: Rest-auth still reports the error of "CSRF cookie not set", but I've set the csrf
The code I used for server.js is:
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
app.use(cookieParser());
app.use(csrf({ cookie: true }));
app.use(function (req, res, next) {
res.cookie('csrfmiddlewaretoken', req.csrfToken());
next();
});
However, the result is
The reason I think is that I didn't set the cookie correctly. I tried to remove app.use(csrf({ cookie: true }));, but then it shows an error of csrf misconfigured.
In fiddler, I can see there are two tokens in the cookie, one default, one set by res.cookie('csrfmiddlewaretoken', req.csrfToken());, how can I set the cookie in the correct way?
UPDATE:
I kind of figured out a brute-force way to change the name of _csrf to csrfmiddlewaretoken.
app.use(function (req, res, next) {
res.cookie('csrfmiddlewaretoken', req.cookies._csrf);
next();
})
Then, in fiddler, I see the value are same.
But the django rest-auth still reports fail like:
Maybe that's not about the name. I am still researching....
Upvotes: 0
Views: 1697
Answers (1)
Reputation: 632
JiPanNYC, maybe you forgot to add
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
)
}
in your settings.py
Upvotes: 2
Related Questions
- CSRF cookie not set [Django/AngularJS]
- django no csrftoken in cookie
- ReactJS & Django : How can I send csrf token with axios in a proper way?
- Setting Django CSRF Cookie
- CSRF token not working in nodejs express
- Rest-auth still reports the error of "CSRF cookie not set", but I've set the csrf
- Django CSRF cookie not set correctly
- Passing CSRF token from Node.js to Django
- How to use Django CSRF token correctly?
- Django CSRF Cookie Not Setting