Kumar Sanu

Reputation: 226

AdonisJS Error Code "EBADCSRFTOKEN" in Postman in PUT, POST, DELETE operations

I have created a REST API in AdonisJS. In it I have created API endpoints for CRUD operations with GET, POST, PUT and DELETE methods. I am using shieldjs as middleware to verify the CSRF token. I am making API calls from Postman.

First, I call the GET method of the API and get the expected data and 3 cookies as part of the response, one of which is XSRF-TOKEN.

But when I call the PUT, POST and DELETE methods with the key X-XSRF-TOKEN in the request header set to the value of XSRF-TOKEN from the cookie, I get the error EBADCSRFTOKEN as the response in Postman.

Configuration of CSRF in ShieldJS in shield.js file

csrf: {
    enable: true,
    methods: ['POST', 'PUT', 'DELETE'],
    filterUris: [],
    cookieOptions: {
      httpOnly: false,
      sameSite: true,
      path: '/',
      maxAge: 7200
    }
}

Code of Error Handler in handler.js file

async handle (error, {request, response }) {
    if (error.code === 'EBADCSRFTOKEN') {
        response.forbidden(error.code)
        return
    }
}

When I change the value to enable: false for csrf in ShieldJS it works fine, but after I set enable: true I get the error EBADCSRFTOKEN.

I should not get this error code as I am sending the XSRF token.

Upvotes: 2

Views: 1390

Answers (1)

Amit Kadivar

Reputation: 818

Put filterUris in your route path like this

csrf: {
    enable: true,
    methods: ['POST', 'PUT', 'DELETE'],
    filterUris: ['/firstroute','*',],
    cookieOptions: {
      httpOnly: false,
      sameSite: true,
      path: '/',
      maxAge: 7200
    }
}

To read more about CSRF, visit this website: adonisjs


The second way is

  • Create a REST API project. When creating an API you do not need a view. This error is generated when the CSRF token is not received. So you can try creating an API-only project that does not include views, like this: adonis new projectname --api-only

For more info, follow this link on how to create an API project.

Upvotes: 5
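
With CSRF protection left enabled, the headers for the PUT, POST or DELETE that follows the GET can be derived from the GET response as below. This is an added example, not code from the question, the answer or the AdonisJS project. It assumes the token cookie is percent-encoded in Set-Cookie and that the middleware checks the token against state held in the session, so every cookie is sent back; the helper names, the cookie name `example-session` and all values are constructed.

```javascript
// Parse the "name=value; Path=/; ..." lines of a response's Set-Cookie
// headers into a Map of name -> raw (still percent-encoded) value.
function parseSetCookies (setCookieHeaders) {
  const jar = new Map()
  for (const line of setCookieHeaders) {
    const pair = line.split(';')[0].trim()
    const eq = pair.indexOf('=') // split on the first '=' only: values may contain '='
    if (eq > 0) jar.set(pair.slice(0, eq), pair.slice(eq + 1))
  }
  return jar
}

// Build the headers for a state-changing request that follows the GET.
function buildWriteHeaders (setCookieHeaders, tokenCookie = 'XSRF-TOKEN') {
  const jar = parseSetCookies(setCookieHeaders)
  const rawToken = jar.get(tokenCookie)
  if (!rawToken) throw new Error(`no ${tokenCookie} cookie in the response`)
  return {
    // Assumption: the token is validated against the session, so the session
    // cookie has to accompany the token. Cookies go back exactly as received.
    Cookie: [...jar].map(([name, value]) => `${name}=${value}`).join('; '),
    // The header carries the decoded cookie value, not the %XX-encoded text
    // copied straight out of the Set-Cookie line.
    'X-XSRF-TOKEN': decodeURIComponent(rawToken)
  }
}

// Constructed sample of the cookies returned by the GET request.
const sampleSetCookie = [
  'example-session=c2Vzc2lvbg%3D%3D; Path=/; HttpOnly',
  'XSRF-TOKEN=dG9rZW4%2FdmFsdWU%3D; Max-Age=7200; Path=/; SameSite=Strict'
]

const writeHeaders = buildWriteHeaders(sampleSetCookie)
console.log(writeHeaders)
```

If the request is still rejected, compare the header Postman actually sent with the output above: a token that still contains `%2F` or `%3D`, or a request without the session cookie, are the two differences to look for.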
