krakenjs / jwt-csrf

Stateless CSRF protection using jsonwebtoken (JWT)

Concurrent ajax problem #5

Open lagoasoft-lucasschmidt opened 8 years ago

lagoasoft-lucasschmidt commented 8 years ago

Hey guys, I am having the following problem:

This is because the COOKIE is not set at the same time as the csrf from the header. I am using the given interceptor of XMLHttpRequest. How do I handle this case? Do you guys have any good ideas?

(tested using latest Chrome)

lagoasoft-lucasschmidt commented 8 years ago

Sorry, I was wrong. The problem wasn't about that concurrency. I thought that cookies took some time to take effect (due to the browser), but I was wrong.

I was able to make it work here, my issue is the following:

So, why are the tokens only set using the on-headers? I don't get the use case.

Code says

            // Set JWT in header and cookie before response goes out
            // This is done in onHeaders since we need to wait for any service calls (e.g. auth) which may
            // otherwise change the state of our token
            onHeaders(res, function () {
                drop(req, res, options);
            });
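
The deferral described in the quoted code comment, as an added example that is not part of the original thread or the project's code. It assumes a simplified stand-in for `on-headers`, a hypothetical `drop` that binds the token to `req.user`, a constructed fake response object, and an example header name.

```javascript
// Simplified stand-in for the on-headers package (assumption): run `listener`
// once, immediately before the response headers are written.
function onHeaders(res, listener) {
  const writeHead = res.writeHead;
  let fired = false;
  res.writeHead = function (...args) {
    if (!fired) { fired = true; listener.call(res); }
    return writeHead.apply(res, args);
  };
}

// Constructed fake response so the example runs offline.
function fakeResponse() {
  return {
    headers: {},
    sent: null,
    setHeader(name, value) { this.headers[name.toLowerCase()] = value; },
    writeHead(status) { this.sent = { status, headers: { ...this.headers } }; },
  };
}

// Hypothetical stand-in for drop(req, res, options): the token is bound to
// whoever req.user is at the moment this function runs.
function drop(req, res) {
  const subject = req.user ? req.user.id : 'anonymous';
  res.setHeader('x-csrf-jwt', `token-for:${subject}`); // header name is an example
}

// Eager: token issued as soon as the middleware runs.
function eagerMiddleware(req, res) { drop(req, res); }
// Deferred: token issued only when headers are about to go out.
function deferredMiddleware(req, res) { onHeaders(res, () => drop(req, res)); }

// Route handler that authenticates the user after the CSRF middleware ran.
function loginHandler(req, res) {
  req.user = { id: 'alice' };
  res.writeHead(200);
}

// Returns the CSRF header value the client would actually receive.
function run(middleware) {
  const req = {};
  const res = fakeResponse();
  middleware(req, res);
  loginHandler(req, res);
  return res.sent.headers['x-csrf-jwt'];
}
```

With the eager variant the login response carries a token minted for the pre-login state, so the client's next request presents a token that no longer matches its session; the deferred variant mints it after the handler has changed that state.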