node.js express csrf node.js-connect

Generating _csrf in Express?


I'm a newbie. I'm using a browser plugin that hits my node server, and need a csrf token.

What I have isn't generating anything:

app.use(express.csrf());
app.dynamicHelpers({
  token: function(req, res) {
    return req.session._csrf;
  }
});

...and then I reference token in my jade file

input(type="hidden", token=token)

I don't understand what should be generating the token--guessing connect. Regardless I don't see a value.

Tried console.log(token) as well // undefined

I posed the question here and had it working, but now it's not after upgrading to node .67 and updating modules. How do I generate CSRF tokens in Express?

Any help for a guy down on his luck? :)


Solution

  • Make sure app.use(express.csrf()); is in the right order within your app.configure(). It needs to follow express.session(), express.cookieParser(), app.bodyParser(), app.query() -- and anything else that parses the submitted CSRF token into the req object.
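
Why the ordering matters, as an added example that is not part of the original answer and is not Express or Connect code: the `session`, `bodyParser` and `csrf` functions below are simplified stand-ins written for this illustration, and `run`, `demo`, `sid` and `rawBody` are hypothetical names. The CSRF stand-in stores its token in `req.session._csrf` and compares it with `req.body._csrf`, so it only works once the middleware that populate those objects have already run.

```javascript
const nodeCrypto = require("crypto");
// Stand-ins for express.session(), express.bodyParser() and express.csrf().
const store = {}; // in-memory session store keyed by a constructed session id
function session(req, res, next) {
  req.session = store[req.sid] || (store[req.sid] = {});
  next();
}
function bodyParser(req, res, next) {
  req.body = req.rawBody ? Object.fromEntries(new URLSearchParams(req.rawBody)) : {};
  next();
}
function csrf(req, res, next) {
  if (!req.session) return next(new Error("csrf requires session before it"));
  const token = req.session._csrf ||
    (req.session._csrf = nodeCrypto.randomBytes(18).toString("base64"));
  if (req.method === "GET") return next(); // safe method: only issue the token
  const sent = Buffer.from(String((req.body || {})._csrf || ""));
  const want = Buffer.from(token);
  const ok = sent.length === want.length && nodeCrypto.timingSafeEqual(sent, want);
  next(ok ? undefined : new Error("Forbidden: bad or missing _csrf"));
}

// Run middleware in registration order, connect-style; returns error text or null.
function run(stack, req) {
  let i = 0, err = null;
  (function next(e) {
    if (e) { err = e.message; return; }
    const mw = stack[i++];
    if (mw) mw(req, {}, next);
  })();
  return err;
}

function demo() {
  // Constructed requests; sid stands in for the session cookie value.
  const good = [session, bodyParser, csrf];
  const get = { method: "GET", sid: "s1" };
  run(good, get);
  const token = get.session._csrf; // the value the template should embed
  const body = "_csrf=" + encodeURIComponent(token);
  return {
    token,
    badOrder: run([csrf, session, bodyParser], { method: "GET", sid: "s1" }),
    validPost: run(good, { method: "POST", sid: "s1", rawBody: body }),
    forgedPost: run(good, { method: "POST", sid: "s1", rawBody: "_csrf=guess" }),
    unparsedPost: run([session, csrf, bodyParser], { method: "POST", sid: "s1", rawBody: body }),
  };
}
```

With the CSRF check registered before the session stand-in there is no session to hold a token, and with it registered before the body parser even a correct token is rejected because `req.body` has not been populated yet.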