It has to be said that Alibaba's egg framework is quite good, and it ships with its own security verification.
Problem: GET requests work normally, but a POST request makes the backend report this error:
"nodejs.ForbiddenError: invalid csrf token"
The official egg security documentation explains this problem, so I will not go into much detail here.
Method 1: add the following code to config.default.js to turn off the security verification (not recommended, since it removes CSRF protection from every POST request):
    config.security = {
      csrf: {
        enable: false,
      },
    };
Method 2: when the front end initializes, have it send a GET request to an interface first, and have the backend return a secret key (the CSRF token) to the front end. The front end then puts that key in the request headers of each POST request. Egg verifies the secret key automatically, and the request succeeds only if the verification passes.
1. Egg backend code, where the GET interface returns the secret key:
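    // Controller method behind the GET interface
    async index() {
      const { ctx } = this;
      // ctx.csrf is the secret key the front end must send back
      ctx.body = {
        csrf: ctx.csrf,
      };
    }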
Both steps are demonstrated below with Postman. When the request is made from the front end, a secret key pair is also generated in the cookies. As the figure shows, the secret key changes after each request, so the CSRF value obtained by the front end should be stored globally and put in the request headers from there.
2. Front-end request carrying the secret key:
    // headData holds the csrf value returned by the GET interface
    axios.post('apis/add', data, { headers: { 'x-csrf-token': headData } })
The Postman test is as follows: copy the CSRF value directly into the headers.
OK, the request succeeds. Problem solved, back to work.
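One way to keep the CSRF value in a single global place and attach it to every POST, as Method 2 describes. This is an added example, not code from the original post or from egg: `createCsrfClient`, `fakeBackend`, the `/csrf` route and the 403 status for a rejected key are assumptions, and the backend is a constructed stand-in so the block runs offline under Node.

```javascript
// Added example. Hypothetical names: createCsrfClient, fakeBackend, '/csrf'.
const UNSAFE = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);
// transport(req) -> Promise<{status, body}>; in a browser it would wrap axios.
function createCsrfClient(transport, tokenUrl) {
  let token = null; // the one shared copy, refreshed when the server rejects it
  async function refresh() {
    const res = await transport({ method: 'GET', url: tokenUrl, headers: {} });
    token = res.body.csrf; // same response shape as the controller above
  }
  return async function request(method, url, data) {
    const unsafe = UNSAFE.has(method.toUpperCase());
    if (unsafe && token === null) await refresh();
    const send = () => transport({
      method, url, data,
      headers: unsafe ? { 'x-csrf-token': token } : {},
    });
    let res = await send();
    if (unsafe && res.status === 403) { // stale key: fetch a new one, retry once
      await refresh();
      res = await send();
    }
    return res;
  };
}
// Constructed stand-in for the backend: GET issues a key, POST checks the header.
function fakeBackend() {
  let current = null, n = 0;
  const log = [];
  const transport = async (req) => {
    log.push(`${req.method} ${req.url}`);
    if (req.method === 'GET') {
      current = `token-${++n}`;
      return { status: 200, body: { csrf: current } };
    }
    const ok = current !== null && req.headers['x-csrf-token'] === current;
    return ok ? { status: 200, body: { saved: req.data } }
      : { status: 403, body: { message: 'invalid csrf token' } };
  };
  return { transport, log, rotate: () => { current = `token-${++n}`; } };
}
async function demo() {
  const backend = fakeBackend();
  const request = createCsrfClient(backend.transport, '/csrf');
  const first = await request('POST', 'apis/add', { name: 'a' });
  backend.rotate(); // the key changes server-side; the client's copy is stale
  const second = await request('POST', 'apis/add', { name: 'b' });
  const bare = await backend.transport({ method: 'POST', url: 'apis/add', headers: {} });
  return { first: first.status, second: second.status, bare: bare.status, log: backend.log };
}
demo().then((r) => console.log(r));
```

The second POST is rejected once with the stale key, then succeeds after a single refresh, while a POST sent without the header stays rejected.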