I have a problem with krakenjs; I am new to node / express.
krakenjs is configured to protect against CSRF by default (I know how to disable it, but I don't want to), but I don't know how to handle CSRF and avoid the 403 error.
In the EJS file I have this line:
```html
<input type="hidden" name="_crsf" value="<%= _csrf %>" />
```
It generates the correct CSRF token; there is no problem.
And here is my route:
```javascript
server.post('/isengard/fact/new', function (req, res) {
    // Build the new document from the submitted form fields
    var new_fact = Fact({
        title: req.body.fact_title,
        description: req.body.fact_description,
        source: req.body.fact_source
    });
    new_fact.save(function (err) {
        if (err) return handleError(err);
        var model = { status: true };
        res.render('isengard/create', model);
    });
});
```
But when I submit the form (POST), I get this error:
```
403 Error: Forbidden
    at Object.exports.error (/Users/onur/Documents/node/sage/node_modules/express/node_modules/connect/lib/utils.js:63:13)
    at createToken (/Users/onur/Documents/node/sage/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55)
    at /Users/onur/Documents/node/sage/node_modules/express/node_modules/connect/lib/middleware/csrf.js:48:24
    at csrf (/Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:112:13)
    at /Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:60:21
    at xframe (/Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:131:9)
    at /Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:60:21
    at p3p (/Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:144:9)
    at /Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:60:21
    at Object.appsec (/Users/onur/Documents/node/sage/node_modules/kraken-js/node_modules/lusca/index.js:65:9)
```
Can someone explain to me how to handle CSRF?