By Tobias Stangl


2016-11-08 12:56:21 8 Comments

I am using the csrf protection in my MEAN-Stack Application with the csurf node.js module.

As long as I send POST requests from my Angular frontend to the web service, everything works fine. But if I try to make a POST request via postman, I'll always face:

"ForbiddenError: invalid csrf token"

According to the first answer from How do I send spring csrf token from Postman rest client? i get the Token out of the cookie from the login request and set it to every post request. Get requests are working fine.

I configured it as follows:

app.use(csrf({cookie: {path: '/', httpOnly: true}}));
app.use(function(req, res, next) {
    let token = req.csrfToken();
    res.cookie('XSRF-TOKEN', token);
    res.locals.csrfToken = token;
    next();
});

Best regards,

Tobias

0 comments

Related Questions

Sponsored Content

5 Answered Questions

[SOLVED] What is a CSRF token ? What is its importance and how does it work?

  • 2011-03-05 22:17:07
  • Shawn
  • 325688 View
  • 538 Score
  • 5 Answer
  • Tags:   csrf

2 Answered Questions

[SOLVED] Sending CSRF Tokens via Postman

4 Answered Questions

[SOLVED] Why is it common to put CSRF prevention tokens in cookies?

2 Answered Questions

CSRF 403 Forbidden - Invalid CSRF Token

0 Answered Questions

Express csrf (csurf middleware) validation issues with angular app

6 Answered Questions

[SOLVED] How do I send spring csrf token from Postman rest client?

1 Answered Questions

1 Answered Questions

[SOLVED] How to set CSRF Token to different context path

  • 2017-02-20 21:12:59
  • javageek
  • 1101 View
  • 1 Score
  • 1 Answer
  • Tags:   csrf x-xsrf-token

2 Answered Questions

1 Answered Questions

Sponsored Content