DaTebe - 1 year ago
Node.js Question

CSRF Mismatched Token

I have a problem with mismatching csrf token in KeystoneJS.
I use this in my routes file:


In my client side code I set a x-csrf-token header with jQuery:

$.ajaxSetup({ headers: { 'x-csrf-token' : '{{csrf_token_value}}' } });

Now I send a post request to a route defined in my routes file. The csrf token in my request header and my cookie are the same. What am I missing?

Many thanks in advance!

Answer

The solution for me was to make a meta-tag and use it to fill my ajaxSetup method.

<meta name="csrf-token" content="{{csrf_token_value}}">

$.ajaxSetup({
    headers: {
        'x-csrf-token': $('meta[name="csrf-token"]').attr('content')
    }
});

Now the token sent in my header and the one in my cookie are also different (maybe the one in the cookie is encrypted by KeystoneJS?).

I don't understand why it makes a difference whether I put the token directly in my ajaxSetup method or in the meta-tag.

It would be nice if someone could explain it to me. It would definitely improve this answer, as only the 'how' is addressed and not the 'why'.