DaTebe - 1 year ago
Node.js Question

KeystoneJS CSRF on own pages

I'm searching for an easy way to set a CSRF token and check it on every POST/PUT/... request.

There is already a mechanism in the AdminUI. Can this be used on the "normal" webpages?

I'm aware of the
functions. But where is the best place to call them?

Many thanks in advance!

I have tried to use



in my routes file. The token is set in my cookie. Also the cookie is transmitted when I request the server.
But the validate method tells me: "mismatch token". Maybe I have a conceptual misunderstanding. I thought that this would work out of the box. What am I missing?

I will add the token to my form. I missed this step...

Answer

You can call it as a common middleware, just define it in your routes/index.js file:
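
Added example, not part of the original answer and not KeystoneJS's own code: a self-contained Node.js sketch of a per-session CSRF token check, showing why a request that carries only the cookie fails validation until the token is also sent in the form body or a header. The helper names, the `_csrf` field, the `x-csrf-token` header and `req.session.csrfSecret` are assumptions made for this illustration.

```javascript
// Added illustration of a generic CSRF token check (not KeystoneJS code).
const crypto = require('crypto');

// Hypothetical helper: per-session secret, kept server-side or in a cookie.
function createSecret() {
  return crypto.randomBytes(16).toString('hex');
}

// Token = salt + '-' + HMAC-SHA256(secret, salt). It is embedded in the form.
function createToken(secret, salt = crypto.randomBytes(8).toString('hex')) {
  const mac = crypto.createHmac('sha256', secret).update(salt).digest('hex');
  return `${salt}-${mac}`;
}

// Recompute the token from its salt and compare in constant time.
function validateToken(secret, token) {
  if (typeof secret !== 'string' || typeof token !== 'string') return false;
  const salt = token.split('-')[0];
  const expected = Buffer.from(createToken(secret, salt));
  const given = Buffer.from(token);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Middleware-style check. Safe methods pass; state-changing methods must
// carry the token in the body or a header. The cookie alone is never proof,
// because the browser attaches it to cross-site requests as well.
function checkRequest(req) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return true;
  const token = (req.body && req.body._csrf) || req.headers['x-csrf-token'];
  return validateToken(req.session.csrfSecret, token);
}

// Constructed sample requests (not captured traffic).
const secret = createSecret();
const session = { csrfSecret: secret };
// Cookie/session present, but the form has no token field: rejected.
const cookieOnly = { method: 'POST', headers: {}, body: { name: 'x' }, session };
// Same session, token added as a hidden form field: accepted.
const withField = { method: 'POST', headers: {}, body: { _csrf: createToken(secret) }, session };
// Token derived from a different secret: rejected.
const forged = { method: 'POST', headers: {}, body: { _csrf: createToken(createSecret()) }, session };

console.log(checkRequest(cookieOnly), checkRequest(withField), checkRequest(forged));
```
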