Invalid CSRF token

NodeBB Development
  • #1

    I'm new to NodeBB. I just saw NodeBB and was instantly in love with it, and I wanted to use it as a backend forum. So I downloaded it and started developing.

    I duplicated a theme and renamed it to start developing on it.
    Then I added this code in library.js:

    function renderThemepage(req, res, next) {
    	res.render('add_comic', {});
    }

    Theme.init = function(params, callback) {
    	var app = params.router,
    	middleware = params.middleware,
    	controllers = params.controllers;
    	app.get('/comic/add', middleware.applyCSRF, middleware.buildHeader, renderThemepage);
    	// (the post is cut off here) '/comic/add', middleware.applyCSRF, middleware.buildHeader, function(req, res, next) {
    };

    add_comic.tpl has a basic form that sends the POST request to /comic/add, but I get "invalid csrf token" in the logs whenever I submit the form.

  • #2

    :) that sends the post request to /comic/add but I get invalid csrf token in the logs whenever I submit the form.

  • GNU/Linux

    You'll want to send in the csrf token as a header value. You can investigate the proper way to do so using jQuery.

    The header name is x-csrf-token

  • #4

    I checked using an HTTP header plugin, but no x-csrf-token is being passed. Can you give an example, or do you know any link where it is shown? I have duplicated the vanilla theme as the base.

  • #5

    OK, I solved it. After checking that there is no csrf header, I tried to manually add it, but it didn't succeed, so I went and added the token in the template as follows (for those who might get stuck on the same problem as me):

    	<input type="hidden" value="{token}" name="_csrf" />

    and passing the value like this:

    function renderThemepage(req, res, next) {
    	var csrf = require('csurf');
    	// pass the request's CSRF token to the template as {token}
    	res.render('add_comic', {token: req.csrfToken()});
    }

  • GNU/Linux

    @riteshsanap Good to know that still works.

    Either pass in _csrf as a form value, or if submitting via ajax, can send x-csrf-token header
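
The two submission paths described in this thread (a hidden `_csrf` form field, or an `x-csrf-token` header for ajax), as an added example that is not NodeBB's or csurf's own code: a simplified model of a per-session token check. The function names, the `csrfSecret` session key and the sample requests are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Derive a token from a per-session secret: salt + HMAC(secret, salt).
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('hex');
  const mac = crypto.createHmac('sha256', secret).update(salt).digest('hex');
  return salt + '-' + mac;
}

// Constant-time check that a submitted token was derived from this secret.
function verifyToken(secret, token) {
  if (typeof token !== 'string') return false;
  const sep = token.indexOf('-');
  if (sep < 1) return false;
  const expected = crypto.createHmac('sha256', secret)
    .update(token.slice(0, sep)).digest();
  const given = Buffer.from(token.slice(sep + 1), 'hex');
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Where the server looks for the token: form field first, then header.
function tokenFromRequest(req) {
  return (req.body && req.body._csrf) ||
    (req.headers && req.headers['x-csrf-token']);
}

// Safe methods pass; state-changing methods need a valid token.
function checkCsrf(req) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return true;
  return verifyToken(req.session.csrfSecret, tokenFromRequest(req));
}

// Constructed sample requests (not captured traffic).
const session = { csrfSecret: crypto.randomBytes(18).toString('hex') };
const token = createToken(session.csrfSecret);
const samples = {
  noToken: { method: 'POST', session, headers: {}, body: { title: 'x' } },
  hiddenField: { method: 'POST', session, headers: {}, body: { _csrf: token } },
  ajaxHeader: { method: 'POST', session, headers: { 'x-csrf-token': token }, body: {} },
  otherSession: { method: 'POST', session: { csrfSecret: 'different-secret' },
    headers: {}, body: { _csrf: token } },
};
for (const [name, req] of Object.entries(samples)) {
  console.log(name, checkCsrf(req) ? 'accepted' : 'invalid csrf token');
}
```

The `noToken` case corresponds to the form in the first post, which was submitted without either the field or the header.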

  • #7

    I'm also getting an invalid csrf error while trying to log in if anyone can help me out...

    I'm running 0.5.7 and reset theme and plugins, but no luck. I looked at mongodb and the sessions collection grows by about 6-9 documents each page request...weird. This is a development instance, so I'm the only one...

    Also, I was logged in on Chrome and noticed I couldn't log in on Firefox...just Chrome for some reason. So, I cleared my cache in Chrome and it started giving me errors.

  • #8

    I figured out my issue...

    The MongoDB user I was using had a readWrite role, but I guess it needs the dbAdmin role as well. When I tried creating a new user in the nodebb admin area, then it would make things go wonky without the dbAdmin role and result in invalid csrf tokens.
