I am using Node with express.js and passport.js as my authentication framework.

I set up the CSRF protection built into express.js using the code below.

app.use(express.csrf());
app.use(function (req, res, next) {
  res.locals.token = req.csrfToken();
  next();
});

My routes:

app.post('/passportlogin', passport.authenticate('local-login', {....}), function(req, res){...});

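I have a hidden field in my login form named '_csrf', and I confirmed that the token is initialized. When I submit the form (POST) to passport authenticate, express returns a 403 Forbidden error, as shown below.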

Any idea how to set up CSRF with express and passport?

Express
403 Error: Forbidden
at Object.exports.error (node_modules\express\node_modules\connect\lib\utils.js:63:13)
at createToken (node_modules\express\node_modules\connect\lib\middleware\csrf.js:82:55)
at Object.handle (node_modules\express\node_modules\connect\lib\middleware\csrf.js:48:24)
at next (node_modules\express\node_modules\connect\lib\proto.js:193:15)
at Object.handle (node_modules\connect-flash\lib\flash.js:21:5)
at next (node_modules\express\node_modules\connect\lib\proto.js:193:15)
at SessionStrategy.strategy.pass (node_modules\passport\lib\middleware\authenticate.js:314:9)
at SessionStrategy.authenticate (node_modules\passport\lib\strategies\session.js:67:10)
at attempt (node_modules\passport\lib\middleware\authenticate.js:337:16)
at Object.authenticate [as handle] (node_modules\passport\lib\middleware\authenticate.js:338:7)