krakenjs / lusca

Application security for express apps.

use postman in chrome found error : CSRF token missing #73

Open simdm opened 8 years ago

simdm commented 8 years ago
    app.use(lusca({
      csrf: {
        angular: true
      },
      xframe: 'SAMEORIGIN',
      hsts: {
        maxAge: 31536000, //1 year, in seconds
        includeSubDomains: true,
        preload: true
      },
      xssProtection: true
    }));

Using Postman in Chrome, I found this error: CSRF token missing

lvarayut commented 8 years ago

Did you figure it out? I'm facing the same issue.

aredridel commented 8 years ago

Did you send the token with your request?

lvarayut commented 8 years ago

Yes, I did. I put it in the header Authorization: Bearer <token>.

danilodeveloper commented 8 years ago

Hello @lvarayut and @aredridel, I'm facing the same issue here. I've tried to put the _csrf token in the message payload and in the header, both with the same issue.

Using lusca 1.3.0 and express 4.13.3

jasisk commented 8 years ago

> Yes, I did. I put it in the header Authorization: Bearer <token>.

Hello @lvarayut.

a csrf token is not an auth token—it won't work as a bearer token.

You'll want to set the x-csrf-token header to the csrf token (see this test for an example). If you'd rather use a different value, simply pass a header value in with the options you use to configure csrf.

> I'm facing the same issue here.

Hey @danilodeveloper. It sounds like you may have a slight misconfiguration—perhaps load order? Are you loading lusca after you register your routes, by chance? Do you have body-parsing middleware before lusca?
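
Added example, not part of the original thread and not lusca's code: a dependency-free model of the check described in the comment above, showing which requests pass and how middleware order affects the body field. The `csrfCheck`, `parseBody`, `handle` and `demo` names, the in-memory session, the `x-my-token` header and the sample token are assumptions made for illustration; the `x-csrf-token` header and `_csrf` field names come from the thread.

```javascript
// Simplified model of a CSRF check in a middleware chain (added example, NOT lusca's source).
const crypto = require('crypto');

// Hypothetical stand-in for the csrf middleware: compares the session token with
// the value sent in the configured header or in the parsed body field.
function csrfCheck({ header = 'x-csrf-token', key = '_csrf' } = {}) {
  return (req, next) => {
    if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return next();
    const sent = (req.body && req.body[key]) || req.headers[header];
    const a = Buffer.from(String(sent || ''));
    const b = Buffer.from(req.session.csrfToken);
    // Constant-time comparison; the length check avoids timingSafeEqual throwing.
    const ok = b.length > 0 && a.length === b.length && crypto.timingSafeEqual(a, b);
    return ok ? next() : { status: 403, body: 'CSRF token missing or mismatch' };
  };
}

// Hypothetical stand-in for body-parsing middleware.
function parseBody(req, next) {
  req.body = req.rawBody ? JSON.parse(req.rawBody) : {};
  return next();
}

const route = () => ({ status: 200, body: 'ok' });

// Run middleware in registration order, the way successive app.use() calls do.
function handle(chain, req) {
  const step = (i) => chain[i](req, () => step(i + 1));
  return step(0).status;
}

function demo() {
  const token = crypto.randomBytes(16).toString('hex'); // constructed sample token
  const post = (extra) => ({ method: 'POST', headers: {}, session: { csrfToken: token }, ...extra });
  const body = JSON.stringify({ _csrf: token });
  const good = [parseBody, csrfCheck(), route];
  return {
    bearerHeader: handle(good, post({ headers: { authorization: `Bearer ${token}` } })), // 403
    csrfHeader: handle(good, post({ headers: { 'x-csrf-token': token } })), // 200
    bodyField: handle(good, post({ rawBody: body })), // 200
    // Body parser registered after the check: the _csrf field is not visible yet.
    bodyParserLate: handle([csrfCheck(), parseBody, route], post({ rawBody: body })), // 403
    // Custom header name passed in the options.
    customHeader: handle([csrfCheck({ header: 'x-my-token' }), route],
      post({ headers: { 'x-my-token': token } })), // 200
  };
}

console.log(demo());
```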

danilodeveloper commented 8 years ago

Hi @jasisk! I made a mistake, sorry. I created a route that was loaded after lusca.

Sorry again @jasisk :blush:

jasisk commented 8 years ago

No worries. Glad it worked out. :grinning:

lvarayut commented 8 years ago

@jasisk Perfect! Thanks for your response.

dopplesoldner commented 8 years ago

Hi guys.

I am having this issue as well and wasn't able to figure this out (perhaps due to my lack of experience with nodejs).

I've added an image to show what I am trying


ishaan-puniani commented 8 years ago

Hi, from where did you fetch this token? I want to have an application post data to another application, so I am looking for a method to fetch this token before making the POST request.

saeidalidadi commented 7 years ago

Hi, I have the same issue with Postman.

gs-2265 commented 5 years ago

Use "csrfmiddleware" : "your csrf token" as a key-value pair. This solved my problem.