Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Forbidden by CSRF on my registration form, not sure why

Tags:

javascript

node.js

csrf

I have setup CSRF on my Express v3 app, and I have it like this:

app.use(express.session({
  secret: "gdagadgagd",
  cookie: {
    httpOnly: true,
    path : '/',
    maxAge: 1000*60*60*24*30*12
  }
}));
app.use(express.csrf());
app.use(function(req, res, next) {
  res.locals.token = req.session._csrf;
  next();
})

and on my page the token appears as:

<input type="hidden" name="_csrf" value="E3afFADF3913-fadFK31">

But when I try to register on my webpage, I get this error:

Error: Forbidden
    at Object.exports.error (/Users/account/Desktop/nodeapp/node_modules/express/node_modules/connect/lib/utils.js:55:13)
    at Object.handle (/Users/account/Desktop/nodeapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:41)
    at next (/Users/account/Desktop/nodeapp/node_modules/express/node_modules/connect/lib/proto.js:190:15)
    at next (/Users/account/Desktop/nodeapp/node_modules/express/node_modules/connect/lib/middleware/session.js:313:9)
    at /Users/account/Desktop/nodeapp/node_modules/express/node_modules/connect/lib/middleware/session.js:337:9
    at /Users/account/Desktop/nodeapp/node_modules/express/node_modules/connect/lib/middleware/session/memory.js:50:9
    at process._tickCallback (node.js:415:13)

I'm using Jade as my template engine and this is what I have:

input(type='hidden', name='_csrf', value=token)

I am accessing the webpage directly at localhost:3000 and I'm not sure why I am forbidden from registering an account. Thanks!

like image 806
Datsik Avatar asked Oct 21 '22 13:10

Datsik

1 Answers

You should use bodyParser middleware, to let the server know that _csrf was passed.

Insert app.use(express.bodyParser()); before app.use(express.csrf());.

like image 163
JiminP Avatar answered Oct 27 '22 11:10

JiminP
Sign in to Comment

Related questions

jQuery.after() does not work as expected
Moving javascript audio into jquery
Disable Shift + Right click in firefox with Javascript
validation form in table mode with javascript
JS ProgressEvent is only fired when finished
Unit testing javascript code style
Creating virtual pages dynamically using jQuery Mobile
Efficient Javascript Array Lookup
Slow performance with jQuery selector
spring longpolling example code?
Web Worker Memory Leak?
Display modal DIV over darkened page
Floating Images mess up Bootstrap Scrollspy
Render static indexable pages with AngularJS for SEO purposes?
Should the change event be fired when text field's value is changed both manually and programmatically?
Download file from Dropbox with JavaScript
How do you preload images into the Orbit slider?
Using require('...') with a variable vs. using a string in webpack
Remove Bootstrap's validation icons
Condition in v-bind:Style

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!