By Tobias Stangl


2016-11-08 12:56:21 8 Comments

I am using CSRF protection in my MEAN-stack application with the csurf Node.js module.

As long as I send POST requests from my Angular frontend to the web service, everything works fine. But if I try to make a POST request via Postman, I always get:

"ForbiddenError: invalid csrf token"

Following the first answer to "How do I send spring csrf token from Postman rest client?", I get the token out of the cookie from the login request and set it on every POST request. GET requests are working fine.

I configured it as follows:

app.use(csrf({cookie: {path: '/', httpOnly: true}}));
app.use(function(req, res, next) {
    let token = req.csrfToken();
    res.cookie('XSRF-TOKEN', token);
    res.locals.csrfToken = token;
    next();
});

Best regards,

Tobias
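
The check a non-browser client such as Postman has to satisfy, as an added example that is not part of the original post and not csurf's own code: a simplified model in which the server verifies a token taken from a request header against the secret held in the _csrf cookie. The token format and the helper names (issue, verify, demo) are assumptions; the cookie name, the header names and the exempt methods follow csurf's documented defaults.

```javascript
// Added example: simplified model of a secret-cookie + header-token CSRF check.
// Not csurf's source; token format and helper names are assumptions.
const crypto = require('crypto');

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']); // not checked
// Header names csurf's default reader accepts (it also reads _csrf from body/query).
const TOKEN_HEADERS = ['csrf-token', 'xsrf-token', 'x-csrf-token', 'x-xsrf-token'];

function digest(salt, secret) {
  return crypto.createHash('sha256').update(`${salt}-${secret}`).digest('hex');
}

// Server side: a secret (kept in the _csrf cookie) and a token derived from it.
function issue() {
  const secret = crypto.randomBytes(18).toString('hex');
  const salt = crypto.randomBytes(6).toString('hex');
  return { secretCookie: secret, token: `${salt}-${digest(salt, secret)}` };
}

// Server side: the token must arrive in a header AND match the secret cookie.
function verify(req) {
  if (SAFE_METHODS.has(req.method)) return true;
  const secret = (req.cookies || {})._csrf;
  const name = TOKEN_HEADERS.find((h) => req.headers && req.headers[h]);
  if (!secret || !name) return false;
  const [salt, mac] = String(req.headers[name]).split('-');
  if (!salt || !mac) return false;
  const expected = Buffer.from(digest(salt, secret));
  const given = Buffer.from(mac);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed requests: what passes and what is rejected.
function demo() {
  const { secretCookie, token } = issue();
  const cookies = { _csrf: secretCookie, 'XSRF-TOKEN': token };
  const header = { 'x-xsrf-token': token };
  return {
    get: verify({ method: 'GET', cookies: {}, headers: {} }),
    cookieOnly: verify({ method: 'POST', cookies, headers: {} }),
    headerNoSecret: verify({ method: 'POST', cookies: { 'XSRF-TOKEN': token }, headers: header }),
    both: verify({ method: 'POST', cookies, headers: header }),
    otherSession: verify({ method: 'POST', cookies: { _csrf: issue().secretCookie }, headers: header }),
  };
}

console.log(demo());
```

In this model a POST is accepted only when the secret cookie and the header token come from the same issuance; the XSRF-TOKEN cookie by itself is never read by the check.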
