node.js - 500 TypeError: Object #<IncomingMessage> has no method 'csrfToken' -


i trying add csrf protection nodejs app using express. when add midlleware :

 app.use(function (req, res, next) {       res.locals.csrftoken = req.csrftoken(); }); 

i error :

500 typeerror: object #<incomingmessage> has no method 'csrftoken' 

someone can me resolve this.

here app.js code :

var express = require('express')        , routes = require('./routes')        , http = require('http')       , path = require('path');       var app = express();       app.configure(function () {         app.set('port', process.env.port || 3000);         app.set('views', __dirname + '/views');         app.set('view engine', 'jade');         app.use(express.favicon());         app.use(express.logger('dev'));          app.use(express.bodyparser());         app.use(express.cookieparser());         app.use(express.session({ secret: 'the secret' }));         app.use(express.csrf());       app.use(function (req, res, next) {               res.locals.csrftoken = req.csrftoken();         });        app.use(express.methodoverride());       app.use(app.router);       app.use(express.static(path.join(__dirname, 'public'))); });  app.configure('development', function(){   app.use(express.errorhandler());  }); 

csrf , other middleware except static not bundled express 4.x anymore - my assumption you're using 4.x

if express version 4.x, you'll need manually install csurf , use instead of express.csrf()

see more details middleware https://github.com/senchalabs/connect?#middleware , changes explanation here http://expressjs.com/guide/using-middleware.html#middleware.built-in

later edit: express 3.x branch need minimum version of 3.4.0 since csrftoken() method first appears in express@3.4.0, being package when connect updated 2.9.0 first connect version provide csrftoken method.


Comments

Popular posts from this blog

matlab - "Contour not rendered for non-finite ZData" -

delphi - Indy UDP Read Contents of Adata -

javascript - Any ideas when Firefox is likely to implement lengthAdjust and textLength? -