将csurf与react-server一起使用
[英]Using csurf with react-server
问题描述
I would like to add csurf as an express middleware inside the react-server for a universal app. 
我想将csurf作为通用应用程序的react-server内部的快速中间件添加。
What I want to achieve is adding the csrf token to a hidden input in a form in the react component to maintain the same csrf protection flow a server-rendered website would provide, but within a SPA. 我要实现的目标是,在react组件中以某种形式将csrf令牌添加到隐藏的输入中,以维持服务器呈现的网站将提供的csrf保护流,但该流在SPA中。
Is this technically possible within the react-server? 从技术上讲,这在反应服务器中可行吗? If so, how can I pass the csrf token that is available in the response object to the react component via the page (ideally)? 如果是这样,如何将响应对象中可用的csrf令牌通过页面传递给react组件(理想情况下)?
1 个解决方案
解决方案1
2 2017-07-19 22:39:55
I actually ran into the same problem and luckily happened to come across the solution here: https://github.com/kriasoft/react-starter-kit/issues/1142 我实际上遇到了同样的问题,幸运的是,碰巧在这里遇到了解决方案: https : //github.com/kriasoft/react-starter-kit/issues/1142
to use it just do: 要使用它,只需执行以下操作:
app.use(csrf({ cookie: true, value: (req) => (req.cookies.csrfToken) }));
and then for every get request set a cookie with the csrf token: 然后为每个获取请求设置一个带有csrf令牌的cookie:
res.cookie('csrfToken', req.csrfToken ? req.csrfToken() : null, { sameSite: true, httpOnly: true });
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.