node.js - 500 TypeError: Object #<IncomingMessage> has no method 'csrfToken' -
i trying add csrf protection nodejs app using express. when add midlleware :
app.use(function (req, res, next) { res.locals.csrftoken = req.csrftoken(); });
i error :
500 typeerror: object #<incomingmessage> has no method 'csrftoken'
someone can me resolve this.
here app.js code :
var express = require('express') , routes = require('./routes') , http = require('http') , path = require('path'); var app = express(); app.configure(function () { app.set('port', process.env.port || 3000); app.set('views', __dirname + '/views'); app.set('view engine', 'jade'); app.use(express.favicon()); app.use(express.logger('dev')); app.use(express.bodyparser()); app.use(express.cookieparser()); app.use(express.session({ secret: 'the secret' })); app.use(express.csrf()); app.use(function (req, res, next) { res.locals.csrftoken = req.csrftoken(); }); app.use(express.methodoverride()); app.use(app.router); app.use(express.static(path.join(__dirname, 'public'))); }); app.configure('development', function(){ app.use(express.errorhandler()); });
csrf , other middleware except static
not bundled express 4.x anymore - my assumption you're using 4.x
if express version 4.x, you'll need manually install csurf , use instead of express.csrf()
see more details middleware https://github.com/senchalabs/connect?#middleware , changes explanation here http://expressjs.com/guide/using-middleware.html#middleware.built-in
later edit: express 3.x branch need minimum version of 3.4.0 since csrftoken()
method first appears in express@3.4.0
, being package when connect
updated 2.9.0
first connect
version provide csrftoken
method.
Comments
Post a Comment