Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use postman in chrome found error : CSRF token missing #73

Closed
simdm opened this issue Nov 25, 2015 · 12 comments
Closed

use postman in chrome found error : CSRF token missing #73

simdm opened this issue Nov 25, 2015 · 12 comments

Comments

@simdm
Copy link

simdm commented Nov 25, 2015 

    app.use(lusca({
      csrf: {
        angular: true
      },
      xframe: 'SAMEORIGIN',
      hsts: {
        maxAge: 31536000, //1 year, in seconds
        includeSubDomains: true,
        preload: true
      },
      xssProtection: true
    }));

use postman in chrome found error : CSRF token missing
@simdm simdm changed the title ios http access Error: CSRF token missing iuse afnetworking library in ios develop found error : CSRF token missing Nov 26, 2015
@simdm simdm changed the title iuse afnetworking library in ios develop found error : CSRF token missing use afnetworking library in ios develop found error : CSRF token missing Nov 26, 2015
@simdm simdm changed the title use afnetworking library in ios develop found error : CSRF token missing use postman in chrome found error : CSRF token missing Nov 26, 2015
@lvarayut
Copy link

lvarayut commented Jan 3, 2016

Did you figure it out? I'm facing the same issue.

@aredridel
Copy link
Contributor

Did you send the token with your request?

@lvarayut
Copy link

lvarayut commented Jan 5, 2016

Yes, I did. I put it in the header Authorization: Bearer <token>.

@danilodeveloper
Copy link

hello @lvarayut and @aredridel
I'm facing the same issue here.
I've tried to put the _csrf token in the message payload and in the header, both with same issue.

Using lusca 1.3.0 and express 4.13.3

@jasisk
Copy link
Contributor

jasisk commented Jan 5, 2016

Yes, I did. I put it in the header Authorization: Bearer .

Hello @lvarayut.

a csrf token is not an auth token—it won't work as a bearer token.

You'll want to set the x-csrf-token header to the csrf token (see this test for an example). If you'd rather use a different value, simply pass a header value in with the options you use to configure csrf.

I'm facing the same issue here.

Hey @danilodeveloper. It sounds like you may have a slight misconfiguration—perhaps load order? Are you loading lusca after you register your routes, by chance? Do you have body-parsing middleware before lusca?

@danilodeveloper
Copy link

Hi @jasisk!
I made a mistake, sorry. I created a route that was loaded after lusca.

Sorry again @jasisk 😊

@jasisk
Copy link
Contributor

jasisk commented Jan 5, 2016

No worries. Glad it worked out. 😀

@jasisk jasisk closed this as completed Jan 5, 2016
@jasisk jasisk reopened this Jan 5, 2016
@lvarayut
Copy link

lvarayut commented Jan 7, 2016

@jasisk Perfect! Thanks for your response.

@dopplesoldner
Copy link

Hi guys.

I am having this issue as well and wasn't able to figure this out (perhaps due to my lack of experience with nodejs).

I've added an image to show what I am trying

image

@ishaan-puniani
Copy link

Hi, I from where did you fetch this token. I want to have application to post data on other application. so i am looking for a method to fetch this token before making post request.

@nabilzhafri nabilzhafri mentioned this issue Jun 22, 2016
Closed
@saeidalidadi
Copy link

Hi, I have the same issue with postman

@gs-2265
Copy link

gs-2265 commented Nov 13, 2018

use "csrfmiddleware" : "your csrf token" as a key-value pair, This solved my problem.

@shaunwarman shaunwarman closed this as not planned Won't fix, can't repro, duplicate, stale Jan 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@aredridel @jasisk @danilodeveloper @simdm @dopplesoldner @shaunwarman @saeidalidadi @ishaan-puniani @lvarayut @gs-2265