
質問編集履歴

3

文章の変更

2018/04/24 02:00

投稿

Nippun

スコア1147

title CHANGED
File without changes
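--- a/body
+++ b/body
@@ -6,148 +6,18 @@
  ``` JavaScript
  const express = require('express');
  const router = express.Router();
- const Post = require('./db/db');
 
  // add article (./views/new.ejs)
  router.get('/new', function (req, res) {
  res.render('new', {
- title: 'Add article',
- reqCsrf: req.csrfToken(),
  errors: req.flash('errors').shift()
  })
  });
 
- router.post('/create', function (req) {
- const post = new Post();
- post.title = req.body.title;
- post.content = req.body.content;
- post.save(function (err) {
- if(err){ // if there's error
- req.flash('errors', err.errors);
- req.redirect('/new');
- } else { // if not error
- req.redirect('/');
- }
- })
- });
  ```
- app.js
- ```Javascript
- require('./db/db');
 
- const createError = require('http-errors');
- const express = require('express');
- const path = require('path');
- const cookieParser = require('cookie-parser');
- const logger = require('morgan');
 
- const session = require('express-session');
- const csurf = require('csurf');
- const mongoose = require('mongoose');
- const flash = require('connect-flash');
- const methodOverride = require('method-override');
- const bodyParser = require('body-parser');
- const MongoStore = require('connect-mongo')(session);
-
-
- const indexRouter = require('./routes/index');
- const usersRouter = require('./routes/users');
- const postRouter = require('./routes/post');
-
- const app = express();
-
-
- const mongoURL = 'mongodb://local';
- mongoose.connect(mongoURL, function (err) {
- if(err){
- console.error('mongoDB: error');
- }else{
- console.log('Success connect);
- }
- });
-
- app.use(methodOverride(function(req, res){
- if( req.body && typeof req.body === 'object' && '_method' in req.body ){
- const method = req.body._method;
- delete req.body._method;
- return method;
- }
- }));
-
- app.use(session({
- secret: 'a',
- resave: false,
- saveUninitialized: false,
- store: new MongoStore({
- mongooseConnection: mongoose.connection
- }),
- cookie: {
- httpOnly: false,
- secure: true,
- maxage: 1000 * 60 * 30 // 30 minutes
- }
- }));
- app.use(csurf());
- app.use(flash());
-
-
-
- // view engine setup
- app.set('views', path.join(__dirname, 'views'));
- app.set('view engine', 'ejs');
-
- app.use(logger('dev'));
- app.use(express.json());
- app.use(bodyParser.json());
- app.use(express.urlencoded({ extended: false }));
- app.use(bodyParser.urlencoded({ extended: false }));
- app.use(cookieParser());
- app.use(express.static(path.join(__dirname, 'public')));
-
-
-
- app.use('/', indexRouter);
- app.use('/users', usersRouter);
- app.use('/post', postRouter);
- app.listen(process.env.PORT || 8000);
-
-
- // catch 404 and forward to error handler
- app.use(function(req, res, next) {
- next(createError(404));
- });
-
- // error handler
- app.use(function(err, req, res, next) {
- // set locals, only providing error in development
- res.locals.message = err.message;
- res.locals.error = req.app.get('env') === 'development' ? err : {};
-
- // render the error page
- res.status(err.status || 500);
- res.render('error');
- });
-
- module.exports = app;
  ```
-
- new.ejs
- ```HTML
- <form action="/create" method="post">
- <input type="hidden" name="_csrf" value="<%= reqCsrf %>">
- <p>
- <input type="text" name="title" value="" size="60">
- <% if( errors && errors.title ){ %>
- <strong><%= errors.title.message %></strong>
- <% } %>
- </p>
- <p><textarea name="contents" cols="60" rows="12"></textarea></p>
- <p><button type="submit">Create</button></p>
- </form>
- <p><a href="/">back to list</a></p>
- ```
-
- ```
  ERROR
 
  invalid csrf token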

2

コードを追加しました。

2018/04/24 02:00

投稿

Nippun

スコア1147

title CHANGED
File without changes
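--- a/body
+++ b/body
@@ -31,6 +31,7 @@
  })
  });
  ```
+ app.js
  ```Javascript
  require('./db/db');
 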

1

コードを追加しました。

2018/04/23 03:19

投稿

Nippun

スコア1147

title CHANGED
File without changes
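--- a/body
+++ b/body
@@ -1,7 +1,7 @@
  JavaScriptとExpressで'invalid csrf token'がでます。
  実際はPostできるはずなのですが'invalid csrf token'のエラーが出てうまくPostできません。
  [このサイトを参考にしました](http://webdesign-dackel.com/2015/09/29/vagrant-node-express4-mongodb/)
-
+ [GitHUb CSRUF](https://github.com/expressjs/csurf)
  index.js
  ``` JavaScript
  const express = require('express');
@@ -31,6 +31,105 @@
  })
  });
  ```
+ ```Javascript
+ require('./db/db');
+
+ const createError = require('http-errors');
+ const express = require('express');
+ const path = require('path');
+ const cookieParser = require('cookie-parser');
+ const logger = require('morgan');
+
+ const session = require('express-session');
+ const csurf = require('csurf');
+ const mongoose = require('mongoose');
+ const flash = require('connect-flash');
+ const methodOverride = require('method-override');
+ const bodyParser = require('body-parser');
+ const MongoStore = require('connect-mongo')(session);
+
+
+ const indexRouter = require('./routes/index');
+ const usersRouter = require('./routes/users');
+ const postRouter = require('./routes/post');
+
+ const app = express();
+
+
+ const mongoURL = 'mongodb://local';
+ mongoose.connect(mongoURL, function (err) {
+ if(err){
+ console.error('mongoDB: error');
+ }else{
+ console.log('Success connect);
+ }
+ });
+
+ app.use(methodOverride(function(req, res){
+ if( req.body && typeof req.body === 'object' && '_method' in req.body ){
+ const method = req.body._method;
+ delete req.body._method;
+ return method;
+ }
+ }));
+
+ app.use(session({
+ secret: 'a',
+ resave: false,
+ saveUninitialized: false,
+ store: new MongoStore({
+ mongooseConnection: mongoose.connection
+ }),
+ cookie: {
+ httpOnly: false,
+ secure: true,
+ maxage: 1000 * 60 * 30 // 30 minutes
+ }
+ }));
+ app.use(csurf());
+ app.use(flash());
+
+
+
+ // view engine setup
+ app.set('views', path.join(__dirname, 'views'));
+ app.set('view engine', 'ejs');
+
+ app.use(logger('dev'));
+ app.use(express.json());
+ app.use(bodyParser.json());
+ app.use(express.urlencoded({ extended: false }));
+ app.use(bodyParser.urlencoded({ extended: false }));
+ app.use(cookieParser());
+ app.use(express.static(path.join(__dirname, 'public')));
+
+
+
+ app.use('/', indexRouter);
+ app.use('/users', usersRouter);
+ app.use('/post', postRouter);
+ app.listen(process.env.PORT || 8000);
+
+
+ // catch 404 and forward to error handler
+ app.use(function(req, res, next) {
+ next(createError(404));
+ });
+
+ // error handler
+ app.use(function(err, req, res, next) {
+ // set locals, only providing error in development
+ res.locals.message = err.message;
+ res.locals.error = req.app.get('env') === 'development' ? err : {};
+
+ // render the error page
+ res.status(err.status || 500);
+ res.render('error');
+ });
+
+ module.exports = app;
+ ```
+
  new.ejs
  ```HTML
  <form action="/create" method="post">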
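Review bot: In the added app.js, `app.use(csurf())` is registered before `express.urlencoded()` / `bodyParser.urlencoded()`, so when the form is posted `req.body` has not been parsed yet and csurf cannot read the `_csrf` field, which by itself can produce the reported `invalid csrf token`; the `methodOverride` callback above it reads `req.body` too early for the same reason. The session that holds the CSRF secret is also weakly configured: `secret: 'a'` is a guessable signing key and `httpOnly: false` lets page script read the session cookie. `secure: true` restricts the cookie to HTTPS, so if the app is reached over plain HTTP (which `app.listen(process.env.PORT || 8000)` suggests but does not prove) the session is not kept between requests and the token never matches; `maxage` is presumably meant to be `maxAge`. Separately, `console.log('Success connect);` is missing its closing quote. The sketch below parses the body first and takes the secret from the environment; the JSON and urlencoded parsers are each registered twice in the original, and one of each is enough.

```javascript
// parse request bodies and cookies before anything that reads req.body
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());

// … unchanged: methodOverride callback …

app.use(session({
  secret: process.env.SESSION_SECRET, // placeholder variable name; supply a long random value
  resave: false,
  saveUninitialized: false,
  // … unchanged: MongoStore …
  cookie: {
    httpOnly: true,
    secure: app.get('env') === 'production', // HTTPS-only where TLS is actually in use
    maxAge: 1000 * 60 * 30 // 30 minutes
  }
}));
app.use(csurf());
```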