[英]Why i'm getting a network error, when trying to send a post request using axios
[英]I Get 403 CSRF Mismatch when I'm trying to send the “post” request to SailsJS server
我有一個sailsJS服務器。 我嘗試從另一個域的客戶端發送帖子請求。
我從/ csrfToken發送_csrf,但我一次又一次得到403 csrf不匹配
客戶端代碼如下所示:
$.ajax({
url: 'http://myserverdomain.ru/csrfToken'
success: (response) ->
$.ajax({
url: 'http://myserverdomain.ru/session/create'
type: "POST"
crossDomain: true
xhrFields: {
withCredentials: true
}
data: {_csrf: response._csrf, email: 'mail@mail', password: 'password'}
error: () ->
console.log 'error'
success: ( resp ) ->
console.log resp
})
})
服務器的配置:
module.exports.csrf = {
grantTokenViaAjax: true,
origin: 'http://myclientdomain.ru'
};
module.exports.cors = {
allRoutes: true,
origin: 'http://myclientdomain.ru',
credentials: true,
methods: 'GET, POST, PUT, DELETE',
headers: 'content-type'
響應看起來像這樣:
CSRF mismatch
一般:
Remote Address:ip.ip.ip.1:1010
Request URL:http://myserverdomain.ru/session/create
Request Method:POST
Status Code:403 Forbidden
請求標題:
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Content-Length:95
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:sails.sid=s%3A_HBoGJvI9N_-kH3Bj2LBrIrayWAb_k4z.N9P%2F%2Bt%2FDWCFAuK1MvBNjyYO1ntmp5m8a5Te0IM%2Ftn7s; BCSI-CS-c82c2a7dcc10e8b5=2
Host:myserverdomain.ru
Origin:http://myserverdomain.ru
Proxy-Connection:keep-alive
Referer:http://myserverdomain.ru/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
表格數據:
_csrf:ljGDMpSr-_O1ktMJ-zHEJfWaKPygXwNSSjcU
email:mail@mail
password:password
請幫幫我!
我對SailsJs不熟悉,但是在他們的文檔上花了幾分鍾后,你所做的似乎是正確的,但我會嘗試幾件事
module.exports.csrf
的origin
更改為* module.exports.csrf = { grantTokenViaAjax: true, origin: '*' }
你必須在標題中發送它
添加X-CSRF-Token:
$.ajax({
url: 'http://myserverdomain.ru/csrfToken'
success: (response) ->
$.ajax({
url: 'http://myserverdomain.ru/session/create'
type: "POST"
crossDomain: true
beforeSend: function(xhr, settings){
xhr.setRequestHeader('X-CSRF-Token', '_PUT_YOUR_CSRF_HERE_');
}
xhrFields: {
withCredentials: true
}
data: {_csrf: response._csrf, email: 'mail@mail', password: 'password'}
error: () ->
console.log 'error'
success: ( resp ) ->
console.log resp
})
})
在config / crfs.js中,添加以下行和您的路線:
module.exports.csrf = {
grantTokenViaAjax: true
, routesDisabled: '*Route URLs*',
'origin': '*'
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.