Closed lobax closed 6 years ago
Looks like you just forgot to actually use the parseForm
you created, so the _csrf
was not visible to the csurf
middleware (csrfProtection
). Just use the parseForm
somewhere prior to that and it works 👍
Ah, thanks! Maybe this should also be done in the example? :)
It's in the example, right in the post handler:
app.post('/process', parseForm, csrfProtection, function (req, res) {
res.send('data is being processed')
})
Thank you, I am blind!
I am unable to use csurf in this basic test application, no matter what I do I always get "ForbiddenError: invalid csrf token" after sending a form.
What am I doing wrong? I am trying to follow the example given in the documentation for csurf (although I am using TLS as well - could that affect the results?).