我的任务是通过添加csrf令牌来添加额外的安全层。我可以添加csurf包和cookie解析器,但我在react和传递令牌以进行react方面遇到了问题。我不能在这里发布我的代码,但也许下面列出的这些特定行足以回答这个问题。
**//this line here is causing issues because if I remove the get route the index.html will still be servered regardless of whether or not I include the get route request!**
app.use(express.static(path.join(__dirname, 'build')));
//if i comment this get route out the react app is still being served
app.get('/', function(req, res) {
//added this console log to see if this was even being called and it is NOT being called
console.log('get request called');
res.sendFile(path.join(__dirname, 'build', 'index.html'));
});在我能够获得csrf令牌之前,我需要弄清楚为什么没有运行get路由。问题:为什么即使我删除了get路由,react应用程序仍在提供服务?是应用程序使用(express.static…(行的问题吗?
Yes express.static正在提供构建文件夹中的索引文件。
https://expressjs.com/en/resources/middleware/serve-static.html