Jesper


Error: misconfigured csrf - Express.js

I'm getting "Error: misconfigured csrf" when I try to access my login page. I'm adding the csurf middleware to a router, but the response is just status code 500.

Implementation:

let router = require("express").Router();

let PostLoginResource = require("./../resources/PostLoginResource");
let RateLimit = require("express-rate-limit");
let csrf = require("csurf");

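// NOTE: { cookie: true } makes csurf keep its secret in a cookie and look it
// up on req.cookies, so cookie-parser has to be registered on the app before
// this router is mounted. When req.cookies is missing, csurf throws
// "misconfigured csrf", which Express reports as a 500.
const csrfProtection = csrf({ cookie: true });

// loginLimiter is not defined in this excerpt; presumably it is built from the
// RateLimit import elsewhere in the file.
router.route("/login")
    // GET only issues a token: csurf does not validate GET/HEAD/OPTIONS by
    // default. The handler is expected to hand req.csrfToken() to the form.
    .get(csrfProtection, function(req, res) {
        // Do some stuff
    })

    // The state-changing POST is where the token must be verified, so the CSRF
    // middleware is applied here too; without it the token issued on GET is
    // never checked. The rate limiter runs first so that requests rejected for
    // a bad token still count against the limit.
    .post(loginLimiter, csrfProtection, function(req, res) {

        PostLoginResource(req, function(success, err) {
            // Do some stuff
        });

    });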

I set up the session cookie in app.js before I use this module:

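// Parse the request body as JSON
app.use(bodyParser.json());

// Parse the URL encoded data
app.use(bodyParser.urlencoded({extended: true}));

// NOTE(review): no cookie-parser middleware is registered in this excerpt.
// express-session reads its own cookie, but it does not populate req.cookies,
// which csurf needs when it is created with { cookie: true }.

// Set up session-cookie
app.use(session({
    // Key used to sign the session ID cookie. Read it from the environment
    // instead of hard-coding a guessable literal in source control.
    // SESSION_SECRET is an example variable name; if it is unset, session
    // handling fails instead of signing with a known value.
    secret: process.env.SESSION_SECRET,
    resave: false,
    // true stores a session for every visitor, including unauthenticated ones.
    saveUninitialized: true,
    cookie: {
        // Cookie is only set over HTTPS; behind a TLS-terminating proxy the
        // app also needs "trust proxy" enabled or no session cookie is sent.
        secure: true,
        // Not readable from client-side script.
        httpOnly: true,
        // 24 hours, in milliseconds.
        maxAge: 1000 * 60 * 60 * 24
    }
}));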

Still, this is not working. Does anyone know what the problem is?


Answers (1)

Remario


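const cookieParser = require('cookie-parser');

// Parse cookies. We need this because "cookie" is true in csrfProtection:
// csurf({ cookie: true }) keeps its secret in a cookie and looks it up on
// req.cookies, which only exists after cookie-parser has run. Without it the
// middleware fails with "misconfigured csrf".
// Register this in app.js before mounting the router that uses csrfProtection.
app.use(cookieParser());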
