小贝子编程

当我尝试将"post"请求发送到 SailsJS 服务器时,我收到 403 CSRF 不匹配



我有一个sailsJS服务器。我试图从另一个域的客户端发送post请求。

我从/csrfToken发送_csrf,但我得到403 csrf不匹配一次又一次

客户端代码如下:

    $.ajax({
                  url: 'http://myserverdomain.ru/csrfToken'
                  success: (response) ->
                      $.ajax({
                          url: 'http://myserverdomain.ru/session/create'
                          type: "POST"
                          crossDomain: true
                          xhrFields: {
                              withCredentials: true
                          }
                          data: {_csrf: response._csrf, email: 'mail@mail', password: 'password'}
                          error: () ->
                              console.log 'error'
                          success: ( resp ) ->
                              console.log resp
                      })
            })

服务器的配置:

module.exports.csrf = {
    grantTokenViaAjax: true,
    origin: 'http://myclientdomain.ru'
};

module.exports.cors = {
  allRoutes: true,
  origin: 'http://myclientdomain.ru',
  credentials: true,
  methods: 'GET, POST, PUT, DELETE',
  headers: 'content-type'

响应如下:

CSRF mismatch
一般

: 

Remote Address:ip.ip.ip.1:1010
Request URL:http://myserverdomain.ru/session/create
Request Method:POST
Status Code:403 Forbidden

请求标头:

Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Content-Length:95
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:sails.sid=s%3A_HBoGJvI9N_-kH3Bj2LBrIrayWAb_k4z.N9P%2F%2Bt%2FDWCFAuK1MvBNjyYO1ntmp5m8a5Te0IM%2Ftn7s; BCSI-CS-c82c2a7dcc10e8b5=2
Host:myserverdomain.ru
Origin:http://myserverdomain.ru
Proxy-Connection:keep-alive
Referer:http://myserverdomain.ru/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36

表单数据:

_csrf:ljGDMpSr-_O1ktMJ-zHEJfWaKPygXwNSSjcU
email:mail@mail
password:password

请帮帮我!

我不熟悉SailsJs,但花了几分钟在他们的文档后,你所做的似乎是正确的,但我会尝试一些事情

    尝试在header中设置_csrf。
  1. module.exports.csrf中的origin改为* module.exports.csrf = { grantTokenViaAjax: true, origin: '*' }

你必须在header中发送

添加X-CSRF-Token: 

$.ajax({
url: 'http://myserverdomain.ru/csrfToken'
success: (response) ->
  $.ajax({
      url: 'http://myserverdomain.ru/session/create'
      type: "POST"
      crossDomain: true
      beforeSend: function(xhr, settings){
          xhr.setRequestHeader('X-CSRF-Token', '_PUT_YOUR_CSRF_HERE_');
      }
      xhrFields: {
          withCredentials: true
      }
      data: {_csrf: response._csrf, email: 'mail@mail', password: 'password'}
      error: () ->
          console.log 'error'
      success: ( resp ) ->
          console.log resp
  })
})

在config/crfs.js中,添加这些行和你的路由:

module.exports.csrf = {
  grantTokenViaAjax: true
  , routesDisabled: '*Route URLs*',
  'origin': '*'
}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium