What is the problem with csrf in Egg.js?

I now have a problem. I am using Egg.js, and Egg.js enables CSRF protection for POST requests by default. All POST requests need to be accompanied by a CSRF header. The csrfToken is in the cookie. The problem is that my first access is a POST request, but there is no csrfToken in the cookie, so when this API is accessed, it is blocked because there is no CSRF header.

For example, I have a registration API, but any access must carry the csrfToken, which is stored in the cookie. To get the csrfToken, you must first make a GET request. But my first request is a POST, because it goes to the registration API, so there is no csrfToken in the cookie.

Do I have to GET casually before I register?

Or I can turn off CSRF to solve this problem.

It feels a little inelegant.

Jul.30,2021

My solution is to turn this off and use my own authentication scheme. In fact, you don't have to worry about CSRF attacks in projects where the front end and back end are separated; just use your own authentication scheme. If the registration/login page mentioned above is not part of a front-end/back-end separated project, it is also possible to render the page with Egg.
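
The "GET first, then POST" flow from the question, as an added example that is not part of the original posts: a browser-side helper that leaves Egg's CSRF check enabled and primes the cookie only when it is missing. The cookie name `csrfToken` and header `x-csrf-token` are the egg-security defaults; the routes `/api/ping` and `/api/register` and the `env` wrapper are hypothetical.

```javascript
// Added example: keep the CSRF check on and prime the token before the first POST.
// Assumptions: cookie "csrfToken" and header "x-csrf-token" (egg-security defaults);
// "/api/ping" is a hypothetical safe GET route, "/api/register" a hypothetical POST route.
const CSRF_COOKIE = 'csrfToken';
const CSRF_HEADER = 'x-csrf-token';

// Extract one cookie value from a "k=v; k2=v2" string (document.cookie format).
function readCookie(cookieString, name) {
  for (const part of String(cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// POST JSON with the CSRF header. If the cookie is not there yet, issue one
// safe GET so the server can set it, then read the cookie again.
// env.fetch and env.getCookies are injected: in a browser pass
// { fetch: window.fetch.bind(window), getCookies: () => document.cookie }.
async function postWithCsrf(env, url, body, primeUrl = '/api/ping') {
  let token = readCookie(env.getCookies(), CSRF_COOKIE);
  if (!token) {
    await env.fetch(primeUrl, { method: 'GET', credentials: 'same-origin' });
    token = readCookie(env.getCookies(), CSRF_COOKIE);
  }
  // Fail closed: never send the state-changing request without a token.
  if (!token) throw new Error('server did not issue a csrfToken cookie');
  return env.fetch(url, {
    method: 'POST',
    credentials: 'same-origin',
    headers: { 'content-type': 'application/json', [CSRF_HEADER]: token },
    body: JSON.stringify(body),
  });
}
```

The priming GET happens at most once per session, because later calls find the cookie already set and go straight to the POST.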
