Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/angular/30.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/xml/15.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
adonis js和angular 6 csrf_Angular_Csrf_Adonis.js_Csrf Token - Fatal编程技术网
Fatal编程技术网
  • angular/
  • adonis js和angular 6 csrf

adonis js和angular 6 csrf

angular

adonis js和angular 6 csrf,angular,csrf,adonis.js,csrf-token,Angular,Csrf,Adonis.js,Csrf Token,我正在创建一个SPA,前端使用Angular 6,后端使用Adonisjs 现在我陷入了csrf的问题中。如果我在adonis/config/shield.js中禁用csrf,我就完成了我的任务。但是,我不想禁用csrf 我在互联网上遵循了一些关于使用角度HttpInterceptor的建议,但仍然不起作用 以下是shield.js中的csrf配置 csrf: { enable: true, methods: ['POST', 'PUT', 'DELETE'], filterUris: ['/a

我正在创建一个SPA,前端使用Angular 6,后端使用Adonisjs

现在我陷入了csrf的问题中。如果我在adonis/config/shield.js中禁用csrf,我就完成了我的任务。但是,我不想禁用csrf

我在互联网上遵循了一些关于使用角度HttpInterceptor的建议,但仍然不起作用

以下是shield.js中的csrf配置

csrf: {
enable: true,
methods: ['POST', 'PUT', 'DELETE'],
filterUris: ['/api/auth/signin'],
cookieOptions: {
  httpOnly: false,
  sameSite: true,
  path: '/',
  maxAge: 7200
}
// compareHostAndOrigin: true}
这是我的token-interceptor.service.ts

    import { Injectable } from '@angular/core';
import {
  HttpClientXsrfModule,
  HttpInterceptor,
  HttpXsrfTokenExtractor,
  HttpRequest,
  HttpHandler,
  HttpEvent
} from '@angular/common/http';
import { Observable } from 'rxjs';

@Injectable()
export class TokenInterceptorService implements HttpInterceptor {
  constructor(private tokenExtractor: HttpXsrfTokenExtractor) {}

  intercept(
    req: HttpRequest<any>,
    next: HttpHandler
  ): Observable<HttpEvent<any>> {
    const headerName = 'XSRF-TOKEN';
    const respHeaderName = 'X-XSRF-TOKEN';
    const token = this.tokenExtractor.getToken() as string;
    if (token !== null && !req.headers.has(headerName)) {
      req = req.clone({ headers: req.headers.set(respHeaderName, token) });
    }
    return next.handle(req);

  }
}

从'@angular/core'导入{Injectable};
进口{
HttpClientXsrfModule,
HttpInterceptor,
HttpXsrfTokenExtractor,
HttpRequest,
HttpHandler,
HttpEvent
}来自“@angular/common/http”;
从“rxjs”导入{Observable};
@可注射()
导出类TokenInterceptorService实现HttpInterceptor{
构造函数(私有令牌提取器:HttpXsrfTokenExtractor){}
拦截(
请求:HttpRequest,
下一步:HttpHandler
):可见{
const headerName='XSRF-TOKEN';
const resphaderName='X-XSRF-TOKEN';
const token=this.tokenExtractor.getToken()作为字符串;
if(token!==null&&!req.headers.has(headerName)){
req=req.clone({headers:req.headers.set(respHeaderName,token)});
}
返回next.handle(req);
}
}
我不知道是否有人截获了Http。因为根据我的请求,我没有看到任何X-XSRF-TOKEN头

我仍然对Adonisjs使用的标记感到困惑。因为当我登录并
console.log(request.csrfToken)
时,我得到了一个值,但该值与数据库中的令牌不同(我使用mongoDB)

我应该从打开应用程序的一开始就获得csrf吗? 还是别的什么

请建议我如何修复它。

在angular客户端应用程序中不需要csrf,您需要启用jwt或api安全中间件