Express and React, send CSURF token

  csrf, express, http, javascript, reactjs

I have a NodeJs server running some app using EJS,
now I want to add a React app.

But I don’t quite manage to send the csrf token back to the server from React.

Here’s my server setup:

const csrfMiddleware = csurf({
  cookie: true,
});
app.use(csrfMiddleware);

Here I’m trying to send it from the frontend:

 let _csrf = cookie.load("_csrf");
      const config = {
        headers: {
          "CSRF-Token": _csrf,
          "Content-Type": "application/json",
        },
      };

But this doesn’t work, I get ForbiddenError: invalid csrf token.
How am I supposed to get the csrf without breaking the current server functionality?

Thanks in advance

Source: Ask Javascript Questions

LEAVE A COMMENT