csurf without cookie and session for a Node API application

I am trying to configure the csurf Node module for an API that does not use cookies or sessions, but has bearer token authentication.

Below is the code I tried. When I run it, I get the following error:

Error: misconfigured csrf
    at csrf (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/csurf/index.js:71:19)
    at Layer.handle [as handle_request] (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/index.js:317:13)
    at /Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/index.js:335:12)
    at next (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/index.js:275:10)
    at expressInit (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/middleware/init.js:40:5)
    at Layer.handle [as handle_request] (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/index.js:317:13)
    at /Users/saravanan/Documents/Development/nodejs/csurf-demo-1/node_modules/express/lib/router/index.js:284:7

**Code Snippet**

var csrf = require('csurf')
var bodyParser = require('body-parser')
var express = require('express')


var parseForm = bodyParser.urlencoded({ extended: false })

// create express app
var app = express();

app.use(csrf());

// parse cookies
// we need this because "cookie" is true in csrfProtection


app.get('/form', function (req, res) {
  // pass the csrfToken to the view
  res.render('send', { csrfToken: req.csrfToken() })
})

app.post('/process', parseForm, function (req, res) {
  res.send('data is being processed')
});

var PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
    console.log(`Listening on http://localhost:${PORT}`);
}); 

When I try the code below, which looks up the header to validate the token, I get the error "cannot read session of undefined".

var csrf = require('csurf')
var bodyParser = require('body-parser')
var express = require('express')

// setup route middlewares
var csrfProtection = csrf({
    value: (req) => {
        var csrfToken = req.body._csrf || req.headers["x-csrf-token"];
        return csrfToken;
    },
    cookie: false
})
var parseForm = bodyParser.urlencoded({ extended: false })

// create express app
var app = express();

app.use(csrfProtection());

app.get('/form', function (req, res) {
  // pass the csrfToken to the view
  // res.sendStatus(200);
  res.render('send', { csrfToken: req.csrfToken() })
})

app.post('/process', parseForm, function (req, res) {
  res.send('data is being processed')
});

var PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
    console.log(`Listening on http://localhost:${PORT}`);
}); 

How can the API be secured using either the auth token or via the csrf tokens?
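
Both errors quoted in the question can be reproduced without Express. The following is an added example, not part of the original post and not csurf's source: a simplified model of how a csurf-style middleware looks up its secret, run against constructed requests that mirror the two snippets. The names `findSecretBag`, `modelCsrf`, `run` and `diagnose` are hypothetical.

```javascript
// Simplified model of a csurf-style secret lookup (assumption: written for
// this example, not copied from the csurf package).
function findSecretBag(req, opts) {
  // Cookie mode reads the parsed cookie jar, otherwise the session object.
  if (opts.cookie) return req.cookies;
  return req[opts.sessionKey || 'session'];
}

function modelCsrf(opts = {}) {
  return function middleware(req, res, next) {
    const bag = findSecretBag(req, opts);
    // Nothing upstream created req.session or req.cookies: no place for the secret.
    if (!bag) throw new Error('misconfigured csrf');
    next();
  };
}

// Run a middleware against a constructed request and report the outcome.
function run(mw, req) {
  try {
    let passed = false;
    mw(req, {}, () => { passed = true; });
    return passed ? 'ok' : 'blocked';
  } catch (err) {
    return err.constructor.name + ': ' + err.message;
  }
}

function diagnose() {
  // Constructed request: bearer token only, no session or cookie middleware ran.
  const bearerOnly = { headers: { authorization: 'Bearer <token>' } };
  return {
    // First snippet: app.use(csrf()) with no secret store in front of it.
    noStore: run(modelCsrf(), bearerOnly),
    // Second snippet: app.use(csrfProtection()) invokes the middleware itself
    // with no arguments, so req is undefined before any request arrives.
    calledDirectly: run(() => modelCsrf({ cookie: false })(), bearerOnly),
    // Same middleware once session middleware has populated req.session.
    withSession: run(modelCsrf(), { ...bearerOnly, session: {} }),
    // Cookie mode once a cookie parser has populated req.cookies.
    withCookies: run(modelCsrf({ cookie: true }), { ...bearerOnly, cookies: {} }),
  };
}

console.log(diagnose());
```

In this model the second error is a call-site problem (`csrfProtection` is already the middleware and is passed without parentheses), and fixing it leaves the first error in place until a session or cookie store exists.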
