Pre Exam Test Practice (SSC | Banking | IAS | GATE | State Level | CLAT | Railways | Insurance | Teaching Exams | NDA | Defence | IES |State Exam )

Organizational Research By

Surprising Reserch Topic

how to test endpoints protected by csrf in node js express

how to test endpoints protected by csrf in node js express  using -'node.js,angularjs,express,request,csrf'

I have implemented csrf (cross-site request forgery) protection in an express like so:

app.use(function (req, res, next) {
  res.cookie('XSRF-TOKEN', req.csrfToken());

This works great. Angularjs utilized the csrf token in all requests made through the $http service. The requests that I make through my angular app work great.

My problem is testing these api endpoints. I'm using mocha to run my automated tests and the request module to test my api endpoints. When I make a request to an endpoint that utilizes csrf (POST, PUT, DELETE, etc.) using the request module, it fails, even though it correctly utilizes cookies and such.

Has anybody else come up with a solution to this? Does anyone need more information?

Example of test:

function testLogin(done) {
    method: 'POST',
    url: baseUrl + '/api/login',
    json: {
      email: '',
      password: 'mypassword'
  }, function (err, res, body) {
    // do stuff to validate returned data
    // the server spits back a 'FORBIDDEN' string,
    // which obviously will not pass my validation
    // criteria


asked Sep 18, 2015 by vijayshukla80
0 votes

Related Hot Questions

Government Jobs Opening