I am trying to send a simple ajax request while using node.js:

    $.ajax({
      type: "POST",
      data: { name: "John", location: "Earth" }
    })

But I am getting the following error:

    POST http://localhost:3000/ 403 (Forbidden)jquery-2.1.3.min.js:4
    n.ajaxTransport.k.cors.a.crossDomain.sendjquery-2.1.3.min.js:4
    n.extend.ajaxVM475:2 (anonymous function)VM465:777
    InjectedScript._evaluateOnVM465:710
    InjectedScript._evaluateAndWrapVM465:626 InjectedScript.evaluate

I have a controller set up that handles other types of POST requests, but for some reason it won't handle this one.
I thought that perhaps it was occurring because I was running the code in the console, but when I did the following I got the same error message:

    $(document).on('click', function() {
      $.ajax({
        type: "POST",
        data: { name: "John", location: "Earth" }
      })
    });

ALSO, when I use type:"GET" it works no problem. I am assuming it is some sort of cross site scripting error, but I'm not scripting cross site? What do I need to do to send this POST request?
UPDATE, I am using the hackathon starter package: https://github.com/sahat/hackathon-starter#why-do-i-get-403-error-forbidden-when-submitting-a-form which states the following:
"You need to add the following hidden input element to your form. This has been added in the pull request #40 as part of the CSRF protection. input(type='hidden', name='_csrf', value=_csrf)
Note: It is now possible to whitelist certain URLs. In other words you can specify a list of routes that should bypass CSRF verification check.
Note 2: To whitelist dynamic URLs use regular expression tests inside the CSRF middleware to see if req.originalUrl matches your desired pattern."
There are two solutions to this problem:
1) Inside of app.js change the line csrf: true to csrf: false, as in the following:

    app.use(lusca({
      csrf: false,
      xframe: 'SAMEORIGIN',
      xssProtection: true
    }));

2) Delete the lusca module and delete all of the following references to it inside of app.js:

    var lusca = require('lusca');
    app.use(lusca({
      csrf: false,
      xframe: 'SAMEORIGIN',
      xssProtection: true
    }));
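
The check behind the 403 and the README's whitelist note, as an added example that is not part of the original post and not lusca's own code: a simplified stand-in showing why GET passes, why the tokenless POST is rejected, and how the same POST passes once it carries the `_csrf` value. The `x-csrf-token` header name, the `req.session._csrf` field, the whitelist route and all token values are assumptions constructed for the demonstration.

```javascript
// Simplified stand-in for the CSRF check (added example, not lusca's source).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
// Hypothetical whitelist of routes that bypass CSRF, tested against req.originalUrl.
const CSRF_WHITELIST = [/^\/api\/webhook\/[\w-]+$/];

// Compare tokens without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns the status the CSRF layer would produce for this request.
function csrfStatus(req) {
  if (SAFE_METHODS.has(req.method)) return 200; // why type: "GET" works
  if (CSRF_WHITELIST.some((re) => re.test(req.originalUrl))) return 200;
  // Token may arrive as the _csrf form field or (assumed) the x-csrf-token header.
  const sent = (req.body && req.body._csrf) || req.headers["x-csrf-token"];
  return constantTimeEqual(sent, req.session._csrf) ? 200 : 403;
}

// Constructed requests; the token value and session field name are assumptions.
function demoRequests() {
  const token = "constructed-token-7f3a";
  const base = { originalUrl: "/", headers: {}, session: { _csrf: token } };
  const data = { name: "John", location: "Earth" };
  return {
    get: { ...base, method: "GET" },
    postNoToken: { ...base, method: "POST", body: data },
    postBodyToken: { ...base, method: "POST", body: { ...data, _csrf: token } },
    postHeaderToken: { ...base, method: "POST", body: data, headers: { "x-csrf-token": token } },
    postWrongToken: { ...base, method: "POST", body: { ...data, _csrf: "constructed-token-0000" } },
    webhook: { ...base, method: "POST", originalUrl: "/api/webhook/provider-1" },
  };
}

for (const [name, req] of Object.entries(demoRequests())) {
  console.log(name.padEnd(16), csrfStatus(req));
}
```

For the `$.ajax` call in the question, the passing case corresponds to adding a `_csrf` entry to `data`, filled from the `_csrf` value the template already exposes for the hidden input.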