I'm writing a single page application with MEAN stack
, and using express-session
with redis
for session management.
I want to use scrf token in my client's cookies.
the problem is when I add csurf
middleware, it set a session with name csrfSecret
in redis, but how can I send it in cookie to client?
middlewares :
app.use(csrf({}));
app.use(function(req, res, next) {
res.cookie('csrf-token', req.csrfToken());
return next();
});
and csrf-token
is sending to client but it don't do anything.and I receive 403 error from module.
thank you for any answer or idea.
If you want to create a csrf cookie in the client you have to use the following:
app.use(csrf({ cookie: true })
This will create a token in the client. If you do not pass any options to the csrf function it will use req.session
. If you want to save the cookie client-side, remember that you will need to use cookie-parser
module.
You can find more information in the github link to the project: https://github.com/expressjs/csurf
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.