Answer the question
In order to leave comments, you need to log in
7
7
700Hp2022-01-29 00:10:27
700Hp, 2022-01-29 00:10:27
Why does the server return 500 status after setting csrf?
index.js
// Middleware
app.use(express.json())
app.use(cookieParser())
app.use(cors({
origin: 'http://localhost:8081',
credentials: true,
methods: ['GET', 'POST', 'PUT', 'DELETE']
}))
app.use(csrf({cookie: {httpOnly: true} }))
app.use(helmet.frameguard({ action: 'SAMEORIGIN' }))
app.use(safetyMiddleware)
app.use('/api', router)
// Возможные ошибки с IOS
app.use(errorMiddleware)safety-middleware
module.exports = function (req, res, next) {
res.set("Content-Security-Policy", "default-src 'self'")
res.set("X-XSS-Protection", "1; mode=block")
res.set("X-Content-Type-Options", "nosniff")
// res.set("XSRF-Token", req.csrfToken())
next()
}As soon as I remove csrf from index.js, the server works again, but the req.csrfToken () function is no longer available.
Found a way online. Send the token in the header of the request + sew it into the payload jwt. On the front, add to localStorage and put it in the header before every request to the server.
I have no experience in such development, hence a few questions.
1. How correct is the specified approach?
2. Why does the server give 500 status?
Thanks for the answer.
Similar questions
R
K
A
R
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question