Community

Invalid CSRF token

NodeBB Development
  • R

    Hello,
    I m new to NodeBB, I just saw NodeBB and was instantly in love with it, I wanted to use it as a Backened forum. So I downloaded and started developing.

    I duplicated a theme and renamed it , to start developing on it.
    then I added this code in the library.js

    function renderThemepage(req, res, next) {
	res.render('add_comic', {});
};

Theme.init = function(params, callback) {
	var app = params.router,
	middleware = params.middleware,
	controllers = params.controllers;
	 
	app.get('/comic/add', middleware.applyCSRF, middleware.buildHeader, renderThemepage);

	app.post('/comic/add', middleware.applyCSRF, middleware.buildHeader, function(req, res, next) {
		res.send(req);
	});
	callback();
};

    add_comic.tpl has a basic form, that sends the post request to /comic/add but I get invalid csrf token in the logs whenever I submit the form.

    0
  • Q

    :)that sends the post request to /comic/add but I get invalid csrf token in the logs whenever I submit the form.

    0
  • julianJ

    You'll want to send in the csrf token as a header value. You can investigate time proper way to do so using jQuery.

    The header name is x-csrf-token

    1
  • R

    I checked using HTTP header plugin but no x-csrf-token is being passed, can you give an example or do you know any link where it is shown, I have duplicated vanilla theme as the base.

    0
  • R

    Ok , I solved it, after checking that there is no csrf header i tried manually add it, but it didn't succeed I went add the token in template as (for those who might get stuck on same problem as me)

    	<input type="hidden" value="{token}" name="_csrf" />

    and passing the value like this

    function renderThemepage(req, res, next) {
	var csrf = require('csurf');
	res.render('add_comic', {token: req.csrfToken()});
};
    0
  • julianJ

    @riteshsanap Good to know that still works.

    Either pass in _csrf as a form value, or if submitting via ajax, can send x-csrf-token header

    0
  • mootzvilleM

    I'm also getting an invalid csrf error while trying to log in if anyone can help me out...

    I'm runnning 0.5.7 and reset theme and plugins, but not luck. I looked at mongodb and the sessions collection grows by about 6-9 documents each page request...weird. This is a development instance, so I'm the only one...

    Also, I was logged in on Chrome and noticed I couldn't log in on Firefox...just Chrome for some reason. So, I cleared my cache in Chrome and it started giving me errors

    0
  • mootzvilleM

    I figured out my issue...

    MongoDB user I was using had a readWrite role, but I guess it needs the dbAdmin role as well. When I tried creating a new user in the nodebb admin area, then it would make things go wonky without the dbAdmin role and result in invalid csrf tokens.

    0

Suggested Topics

| | | |
Copyright © 2023 NodeBB | Contributors