我无法将 Express 的 CSRF 令牌与 Angular 的 XSRF 令牌集成。我正在使用给定的教程 https://jasonwatmore.com/post/2020/09/08/nodejs-mysql-boilerplate-api-with-email-sign-up-verification-authentication-forgot-password。
我知道代码风格粗糙,但我需要解决这个问题。
这是我的快递代码
server.js(main)
require('rootpath')();
const express = require('express');
const app = express();
const helmet = require("helmet");
const bodyParser = require('body-parser');
var cookieParser = require('cookie-parser')
var csrf = require('csurf')
const cors = require('cors');
const errorHandler = require('_middleware/error-handler');
app.use(cookieParser());
app.use(csrf({ cookie: true }))
app.use(helmet({ dnsPrefetchControl: { allow: true }}));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.all('*', function (req, res) {
res.cookie('XSRF-TOKEN', req.csrfToken())
})
app.use(cors({ origin: (origin, callback) => callback(null, true), credentials: true }));
// api routes
app.use('/accounts', require('./accounts/accounts.controller'));
// swagger docs route
app.use('/api-docs', require('_helpers/swagger'));
// global error handler
app.use(errorHandler);
// start server
const port = process.env.NODE_ENV === 'production' ? (process.env.PORT || 80) : 4000;
app.listen(port, () => console.log('Server listening on port ' + port));
在 Angular 中,我在 module.ts 中添加了 XSRF TOKEN
imports: [
BrowserModule,
ReactiveFormsModule,
HttpClientModule,
HttpClientXsrfModule.withOptions({
cookieName: 'XSRF-TOKEN',
headerName: 'X-XSRF-TOKEN'
}),
AppRoutingModule
],
请帮我解决问题