Thursday, 15 April 2010

node.js - NodeJS Express CSRF Error -




I am receiving the following stack trace error on my node server. The app runs on Angular, and uses node to interact with the API.

    error: forbidden
        at object.exports.error (/home/bitnami/myapp/node_modules/express/node_modules/connect/lib/utils.js:63:13)
        at createtoken (/home/bitnami/myapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55)
        at /home/bitnami/myapp/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:7
        at object.<anonymous> (/home/bitnami/myapp/node_modules/express/node_modules/connect/node_modules/uid2/index.js:46:8)
        at object.ondone (/home/bitnami/myapp/node_modules/newrelic/node_modules/continuation-local-storage/node_modules/async-listener/glue.js:188:31)

Here is how the express app is configured:

    app = express()
    app.configure ->
      app.use express.static(__dirname + "/_public")
      app.use (req, res) ->
        res.sendfile __dirname + asseturl + "/index.html"
      app.use express.logger("dev")
      app.use express.bodyParser()
      app.use express.cookieParser("shhhh, secret")
      app.use express.cookieSession()
      # CSRF check; csrfvalue extracts the submitted token from the request
      app.use express.csrf(value: csrfvalue)
      # Expose the current token to the client as a cookie
      app.use (req, res, next) ->
        res.cookie('xsrf-token', req.csrfToken())
        res.locals.csrftoken = req.csrfToken()
        next()
      app.use app.router

And here is the client side code:

HTML:

    <form name="loginform" novalidate ng-submit="submitform(loginform)">
      <label for="username">email</label>
      <input id="username" type="email" name="username" ng-model="user.username" required placeholder="enter email address">
      <label for="password">password</label>
      <input id="password" type="password" name="password" ng-model="user.password" required placeholder="enter password" ng-minlength="7">
      <button type="submit" ng-disabled="loginform.$invalid">sign in</button>
    </form>

JavaScript (Angular):

    login = (info) ->
      deferred = $q.defer()
      $http(
        method: 'post'
        url: '/auth/login'
        data: info
      ).then ((resp) ->
        userinfo = resp.data.data
        $window.sessionStorage["userinfo"] = JSON.stringify(userinfo)
        deferred.resolve userinfo
      ), (error) ->
        $window.sessionStorage["userinfo"] = null
        deferred.reject error
      return deferred.promise

I believe this is the culprit for why communication between node and the API goes down. The issue happens when trying to log in once again after logging out. Does it have to do with how Angular loads pages? If I refresh the page, the issue does not occur.

node.js angularjs express csrf
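
As an added illustration (not the poster's code and not Connect's source), the following Node.js model of a session-bound CSRF check shows how a token issued before logout yields a 403 on the next POST until the token is re-issued. The names `issueToken`, `checkRequest` and `simulate`, the HMAC construction and the login/logout scenario are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Hypothetical model of a session-bound CSRF check (an assumption, not Connect's code).
function newSecret() {
  return crypto.randomBytes(18).toString('base64');
}

// Token = random salt + HMAC of that salt under the per-session secret.
function hashToken(salt, secret) {
  return salt + '-' + crypto.createHmac('sha256', secret).update(salt).digest('base64');
}

// Issue a token bound to the session's secret, creating the secret for a new session.
function issueToken(session) {
  if (!session.csrfSecret) session.csrfSecret = newSecret();
  return hashToken(crypto.randomBytes(8).toString('hex'), session.csrfSecret);
}

// Return the HTTP status a state-changing request (e.g. POST /auth/login) would get.
function checkRequest(session, submittedToken) {
  if (!session.csrfSecret) session.csrfSecret = newSecret(); // fresh session, fresh secret
  if (typeof submittedToken !== 'string') return 403;
  const salt = submittedToken.split('-')[0];
  const expected = Buffer.from(hashToken(salt, session.csrfSecret));
  const got = Buffer.from(submittedToken);
  // Constant-time comparison once the lengths are known to match.
  const ok = got.length === expected.length && crypto.timingSafeEqual(got, expected);
  return ok ? 200 : 403;
}

// Constructed scenario: log in, log out, log in again without reloading the page.
function simulate() {
  let session = {};
  let clientToken = issueToken(session);                  // first page load sets the token
  const firstLogin = checkRequest(session, clientToken);
  session = {};                                           // logout discards session and secret
  const secondLogin = checkRequest(session, clientToken); // client still sends the old token
  clientToken = issueToken(session);                      // page refresh re-issues the token
  const afterRefresh = checkRequest(session, clientToken);
  return { firstLogin, secondLogin, afterRefresh };
}

console.log(simulate());
```

In this model the fix is to send the client a new token whenever the session secret changes, for example in the response that completes the logout, so the client never submits a token derived from a discarded secret.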
