Monday 27 November 2017

Question about CSRF and AJAX

I'm using csurf on a project with simply an app.use(csrf()) as middleware. I'm stuffing the CSRF token into my handlebars templates on the res.render('template', {csrfToken: req.csrfToken()}). Everything is working fine.

The problem I'm having is as follows. A certain registration form uses an AJAX call to verify if an email is available as part of the form validation. This AJAX call is able to grab the csrf token from the rendered page, but that CSRF token is "used up" in this process. The request has now caused the middleware to generate a new CSRF token, and now the form (which was rendered two requests ago) has the wrong CSRF token.

What are my options here? I was basically going to change the CSRF configuration so that only my actual form post routes are CSRF-protected and let the checkemail route (which only AJAX ever talks to) run without CSRF.

How are others handling this?

Submitted November 27, 2017 at 05:15PM by 64bitHustler
