最新版本的 express使用csrf问题
发布于 1年前 作者 qq277049 538 次浏览

app.js

/**
 * Module dependencies.
 */

var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');

var app = express();

// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(express.cookieParser('sdfs'));
app.use(express.session());
app.use(express.csrf());
app.use(function(req,res,next){
res.locals.token = req.csrfToken()
next();
});
app.use(app.router);
app.use(require('less-middleware')({ src: path.join(__dirname, 'public') }));
app.use(express.static(path.join(__dirname, 'public')));

// development only
if ('development' == app.get('env')) {
  app.use(express.errorHandler());
}

app.get('/', routes.index);
/**
 * 用户相关操作
 */
app.get('/users', user.list);
app.get('/reg',user.reg);
app.post('/disposeReg',user.disposeReg);


http.createServer(app).listen(app.get('port'), function(){
  console.log('Express server listening on port ' + app.get('port'));
});

页面使用 <input type="hidden" name="_csrf" value="<%= token %>>">

一直提示430错误,然后看到吗csrf一直在变

回到顶部