
I am using CSRF protection in my MEAN-stack application with the csurf Node.js module.

As long as I send POST requests from my Angular frontend to the web service, everything works fine. But if I try to make a POST request via Postman, I always get:

"ForbiddenError: invalid csrf token"

According to the first answer to "How do I send spring csrf token from Postman rest client?", I get the token out of the cookie from the login request and set it on every POST request. GET requests are working fine.

I configured it as follows:

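const express = require('express');
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const app = express();
app.use(cookieParser()); // csurf's cookie mode requires cookie-parser
// Keep the CSRF secret in an httpOnly cookie (csurf names it _csrf by default)
app.use(csrf({cookie: {path: '/', httpOnly: true}}));
// Issue a token on every request and expose it in a script-readable XSRF-TOKEN cookie
app.use(function(req, res, next) {
    let token = req.csrfToken();
    res.cookie('XSRF-TOKEN', token);
    res.locals.csrfToken = token;
    next();
});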

Best regards,

Tobias
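
Added example, not part of the original post and not csurf's own code: a simplified model of the check that a cookie-mode configuration like the one above performs, showing which parts of a request any client (browser or Postman) has to supply. The helper names, the SHA-256 hash and the sample requests are assumptions made for illustration; the token lookup locations and the ignored methods follow csurf's documented defaults.

```javascript
const crypto = require('crypto');

// Places csurf's default lookup reads the token from: _csrf in body/query, or one of these headers.
const TOKEN_HEADERS = ['csrf-token', 'xsrf-token', 'x-csrf-token', 'x-xsrf-token'];

const hash = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Token = salt + '-' + hash(salt + '-' + secret); the secret itself stays in the _csrf cookie.
function createToken(secret) {
  const salt = crypto.randomBytes(6).toString('hex');
  return `${salt}-${hash(`${salt}-${secret}`)}`;
}

function verifyToken(secret, token) {
  if (typeof secret !== 'string' || typeof token !== 'string') return false;
  const idx = token.indexOf('-');
  if (idx === -1) return false;
  const salt = token.slice(0, idx);
  const expected = Buffer.from(`${salt}-${hash(`${salt}-${secret}`)}`);
  const actual = Buffer.from(token);
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// req is a constructed stand-in for an Express request: { method, cookies, headers, body, query }.
function checkRequest(req) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return 'ok'; // safe methods are not checked
  const secret = (req.cookies || {})._csrf;                          // server-issued secret cookie
  const fromHeader = TOKEN_HEADERS.map((h) => (req.headers || {})[h]).find(Boolean);
  const token = (req.body || {})._csrf || (req.query || {})._csrf || fromHeader;
  return verifyToken(secret, token) ? 'ok' : 'invalid csrf token';   // the XSRF-TOKEN cookie is never read
}

// Constructed sample requests.
const secret = crypto.randomBytes(18).toString('hex');
const token = createToken(secret);
const samples = {
  browserStyle: { method: 'POST', cookies: { _csrf: secret, 'XSRF-TOKEN': token }, headers: { 'x-xsrf-token': token } },
  tokenOnlyInCookie: { method: 'POST', cookies: { _csrf: secret, 'XSRF-TOKEN': token }, headers: {} },
  headerWithoutSecretCookie: { method: 'POST', cookies: {}, headers: { 'x-xsrf-token': token } },
  tokenFromOtherSecret: { method: 'POST', cookies: { _csrf: secret }, headers: { 'x-xsrf-token': createToken('other') } },
  getWithoutToken: { method: 'GET', cookies: {}, headers: {} },
};
for (const [name, req] of Object.entries(samples)) console.log(name, '->', checkRequest(req));
```

In this model a state-changing request passes only when it carries both the `_csrf` secret cookie and a matching token in a header, body or query field; a token that is present only as a cookie is not considered.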
