Reputation: 1348
Generating _csrf in Express?
I'm a newbie. I'm using a browser plugin that hits my node server, and need a csrf token.
What I have isn't generating anything:
app.use(express.csrf());
app.dynamicHelpers({
token: function(req, res) {
return req.session._csrf;
}
});
...and then I reference token in my jade file
input(type="hidden", token=token)
I don't understand what should be generating the token--guessing connect. Regardless I don't see a value.
tried console.log(token) as well //undefined
I posed the question here and had it working, but now it's not after upgrading to node .67 and updating modules. How do I generate CSRF tokens in Express?
Any help for a guy down on his luck? :)
Upvotes: 1
Views: 1045
Answers (1)
Reputation: 5484
Make sure app.use(express.csrf()); is in the right order within your app.configure(). It needs to follow express.session(), express.cookieParser(), app.bodyParser(), app.query() -- and anything else that parses the submitted CSRF token into the req object.
Upvotes: 1
Related Questions
- Node - Express 4 csrf
- How to implement CSRF protection in Ajax calls using express.js (looking for complete example)?
- How to implement CSRF protection for GET requests in Express?
- Express.js csrf token with jQuery Ajax
- Using CSRF in NodeJS
- csrf token using
- How do I generate CSRF tokens in Express?
- CSRF Protection in ExpressJS
- Express+node CSRF Forbidden
- How to enable csrf in express3?