
Getting 403 error and “n.ajaxTransport.k.cors.a.crossDomain.send” when sending a post request using Node.js

I am trying to send a simple ajax request while using node.js:

$.ajax({
  type: "POST",
  data: { name: "John", location: "Earth" }
})

But I am getting the following error:

POST http://localhost:3000/ 403 (Forbidden)                 jquery-2.1.3.min.js:4
n.ajaxTransport.k.cors.a.crossDomain.send                   jquery-2.1.3.min.js:4
n.extend.ajax                                               VM475:2
(anonymous function)                                        VM465:777
InjectedScript._evaluateOn                                  VM465:710
InjectedScript._evaluateAndWrap                             VM465:626
InjectedScript.evaluate

I have a controller set up that handles other types of POST requests, but for some reason it won't handle this one.

I thought that perhaps it was occurring because I was running the code in the console, but when I did the following I got the same error message:

$(document).on('click',function() {
  $.ajax({
    type: "POST",
    data: { name: "John", location: "Earth" }
  })
});

ALSO, when I use type: "GET" it works no problem. I am assuming it is some sort of cross site scripting error, but I'm not scripting cross site? What do I need to do to send this POST request?

UPDATE: I am using the hackathon starter package: https://github.com/sahat/hackathon-starter#why-do-i-get-403-error-forbidden-when-submitting-a-form which states the following:

"You need to add the following hidden input element to your form. This has been added in the pull request #40 as part of the CSRF protection.

input(type='hidden', name='_csrf', value=_csrf)

Note: It is now possible to whitelist certain URLs. In other words you can specify a list of routes that should bypass CSRF verification check.

Note 2: To whitelist dynamic URLs use regular expression tests inside the CSRF middleware to see if req.originalUrl matches your desired pattern."

There are two solutions to this problem:

1) Inside of app.js change the line csrf: true to csrf: false, as in the following:

app.use(lusca({
  csrf: false,
  xframe: 'SAMEORIGIN',
  xssProtection: true
}));

2) Delete the lusca module and delete all of the following references to it inside of app.js:

var lusca = require('lusca');

app.use(lusca({
  csrf: false,
  xframe: 'SAMEORIGIN',
  xssProtection: true
}));
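
An alternative that leaves csrf: true in place is to send the _csrf token with the POST, as the README quoted in the question describes. The sketch below is an added example, not part of the original post or of hackathon-starter: csrfGuard is a hypothetical stand-in for the CSRF check, and the x-csrf-token header name and the exempt route pattern are assumptions. It also shows why the GET succeeded while the POST returned 403.

```javascript
// Added example: hypothetical stand-in for the CSRF check, using Node's crypto only.
const crypto = require('crypto');

// Constructed whitelist (README "Note 2"): regex tests against req.originalUrl.
const CSRF_EXEMPT = [/^\/api\/webhook\/[\w-]+$/];

// Store a fresh random token in the session; the page template would render it
// into the hidden _csrf input or hand it to client-side script.
function issueToken(session) {
  session.csrfToken = crypto.randomBytes(32).toString('hex');
  return session.csrfToken;
}

// Constant-time comparison; rejects missing or non-string values.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Express-style middleware signature: (req, res, next).
function csrfGuard(req, res, next) {
  // Safe methods are not checked, which is why type: "GET" worked in the question.
  const safe = ['GET', 'HEAD', 'OPTIONS'].includes(req.method);
  if (safe || CSRF_EXEMPT.some((re) => re.test(req.originalUrl))) return next();
  // Token may arrive as the _csrf body field or (assumed name) a request header.
  const sent = (req.body && req.body._csrf) || req.headers['x-csrf-token'];
  if (tokensMatch(sent, req.session.csrfToken)) return next();
  res.statusCode = 403;
  res.end('Forbidden');
}

// Drive the middleware with a constructed request; returns the status code.
function simulate(method, originalUrl, body, headers, session) {
  const res = { statusCode: 200, end() {} };
  csrfGuard({ method, originalUrl, body, headers: headers || {}, session }, res, () => {});
  return res.statusCode;
}

const session = {};
const token = issueToken(session);
const form = { name: 'John', location: 'Earth' };
// Client side this corresponds to:
//   $.ajax({ type: "POST", data: { _csrf: token, name: "John", location: "Earth" } })
console.log(simulate('POST', '/', form, {}, session));                      // 403
console.log(simulate('POST', '/', { ...form, _csrf: token }, {}, session)); // 200
```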

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.