janoside / btc-rpc-explorer

Database-free, self-hosted Bitcoin explorer, via RPC to Bitcoin Core.
https://bitcoinexplorer.org
MIT License

CSRF issues #524

Closed carnhofdaki closed 1 year ago

carnhofdaki commented 1 year ago

Describe the bug

When searching on https://bitcoinexplorer.org/, I get this in the browser:

Error
Message
invalid csrf token
Stack
(unavailable)
Error Object
{}

npm install says this:

npm WARN deprecated csurf@1.11.0: Please use another csrf package

Environment (please complete the following information):

Whatever is current for bitcoinexplorer.org

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://bitcoinexplorer.org/
  2. Click on Search text input box
  3. Enter 0 (for searching a genesis block)
  4. See error

Screenshots or Log Output

Log from another node running btc-rpc-explorer and experiencing the same error:

2023-04-05 09:16:44.387254500 2023-04-05T09:16:44.387Z btcexp:error Error ExpressUncaughtError: ForbiddenError: invalid csrf token, json: {"message":"invalid csrf token","code":"EBADCSRFTOKEN"}, userData: [object Object] (json: {})
2023-04-05 09:16:44.387678500 2023-04-05T09:16:44.387Z btcexp:errorVerbose Stack: ForbiddenError: invalid csrf token
2023-04-05 09:16:44.387688500     at csrf (/home/be/src/btc-rpc-explorer/node_modules/csurf/index.js:112:19)
2023-04-05 09:16:44.387694500     at Layer.handle [as handle_request] (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/layer.js:95:5)
2023-04-05 09:16:44.387701500     at trim_prefix (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:328:13)
2023-04-05 09:16:44.387707500     at /home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:286:9
2023-04-05 09:16:44.387713500     at Function.process_params (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:346:12)
2023-04-05 09:16:44.387720500     at next (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:280:10)
2023-04-05 09:16:44.387726500     at /home/be/src/btc-rpc-explorer/app.js:1091:2
2023-04-05 09:16:44.387732500     at Layer.handle [as handle_request] (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/layer.js:95:5)
2023-04-05 09:16:44.387755500     at trim_prefix (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:328:13)
2023-04-05 09:16:44.387764500     at /home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:286:9
2023-04-05 09:16:44.387770500     at Function.process_params (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:346:12)
2023-04-05 09:16:44.387802500     at next (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:280:10)
2023-04-05 09:16:44.387809500     at /home/be/src/btc-rpc-explorer/app.js:986:2
2023-04-05 09:16:44.387814500     at Layer.handle [as handle_request] (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/layer.js:95:5)
2023-04-05 09:16:44.387819500     at trim_prefix (/home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:328:13)
2023-04-05 09:16:44.387826500     at /home/be/src/btc-rpc-explorer/node_modules/express/lib/router/index.js:286:9

carnhofdaki commented 1 year ago

The same happens on https://bitcoinexplorer.org/search

@janoside FYI

janoside commented 1 year ago

@carnhofdaki @Francisco-DAnconia The latest code fixes the invalid CSRF issue for the public demo site (bitcoinexplorer.org). If either of you are running the tool locally and were seeing the issue, I'd be happy to have you update and confirm or deny whether the issue is fixed. Thanks.

cryptoteun commented 1 year ago

@carnhofdaki @Francisco-DAnconia The latest code fixes the invalid CSRF issue for the public demo site (bitcoinexplorer.org). If either of you are running the tool locally and were seeing the issue, I'd be happy to have you update and confirm or deny whether the issue is fixed. Thanks.

I had the issue as well, but it's resolved after the update, thanks!

Francisco-DAnconia commented 1 year ago

I only tested on Testnet. The CSRF error did not occur.

But the search failed when attempting to find P2PKH and P2SH addresses: "No results found for query: "

Searching for P2WPKH addr, blocks, transactions worked as expected.

janoside commented 1 year ago

@Francisco-DAnconia Just pushed a fix for the address searching: b0e839e32ee84b1ff688a38c3a226789b63305c2

Closing this issue since it seems like it's fixed for multiple people.