Preface

  • Music Blog is online!
  • I hope the pitfalls I stepped into will save fellow developers a few detours
  • Here is a summary of the problems you might encounter in Egg development


POST request and CSRF

  • In Egg, once an interface is written, sending a POST request from Postman to test it makes the controller report an error: 2020-08-06 23:51:23,286 WARN 79968 [-/127.0.0.1/-/ 15MS POST/Users] Invalid CSRF token. see https://eggjs.org/zh-cn/core/security.html# Security threat CSRF prevention
  • The reason is that Egg configures CSRF defense for us by default
  • CSRF (cross-site request forgery) is a malicious abuse of a website. A CSRF attack sends forged requests to the site, which seriously affects its security. For that reason a CSRF defense scheme is built into the framework.

The solution

Generally, we send AJAX requests. Under the default CSRF configuration, the csrfToken is set in a Cookie. When making an AJAX request, read the csrfToken from the Cookie and send it to the server in the query, body, or header. For example:

// Cookies comes from a cookie helper such as js-cookie, and $ is jQuery; both must be loaded on the page.
var csrftoken = Cookies.get('csrfToken');

function csrfSafeMethod(method) {
  // these HTTP methods do not require CSRF protection
  return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}

$.ajaxSetup({
  beforeSend: function(xhr, settings) {
    // attach the token only to state-changing, same-origin requests
    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
      xhr.setRequestHeader('x-csrf-token', csrftoken);
    }
  },
});


For more information about Egg security, see egg-security.
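The check that rejects the Postman request can be modelled as a double-submit cookie comparison. The following is an added example, not code from the original post or from egg-security; the `_csrf` query/body field name and the request object shape are assumptions, and the token value is constructed.

```javascript
// Simplified double-submit-cookie check (illustrative model, not egg-security's code).
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/;

// Parse a Cookie header into a plain object.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Compare two strings without returning early on the first mismatch.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, headers, query, body }; header names are lower-cased.
function checkCsrf(req) {
  if (SAFE_METHODS.test(req.method)) return { ok: true, reason: 'safe method' };
  const cookieToken = parseCookies(req.headers.cookie).csrfToken;
  const sent = req.headers['x-csrf-token'] ||
    (req.query && req.query._csrf) || (req.body && req.body._csrf); // _csrf: assumed field name
  if (!cookieToken || !sent) return { ok: false, reason: 'missing csrf token' };
  if (!safeEqual(String(sent), cookieToken)) return { ok: false, reason: 'invalid csrf token' };
  return { ok: true, reason: 'token matches cookie' };
}

// Constructed sample requests (the token value is made up).
const token = 'constructed-token-123';
const samples = {
  postmanNoToken: { method: 'POST', headers: {}, body: { name: 'a' } },
  ajaxWithHeader: { method: 'POST', headers: { cookie: `csrfToken=${token}`, 'x-csrf-token': token } },
  // The browser attaches the cookie automatically, but a third-party page cannot read it to fill the header.
  cookieOnly: { method: 'POST', headers: { cookie: `csrfToken=${token}` }, body: { name: 'a' } },
  plainGet: { method: 'GET', headers: {} },
};
for (const [name, req] of Object.entries(samples)) console.log(name, checkCsrf(req));
```

In Postman, the equivalent fix is to copy the csrfToken cookie value from an earlier response into the x-csrf-token header of the POST request.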

POST parameters cannot be received

  • In Egg, for a POST request, the parameters can be received with ctx.request.body
  • If the Body is form-data, ctx.request.body receives no parameters, because Egg only accepts parameters of the x-www-form-urlencoded type
  • Simply change the Body type to x-www-form-urlencoded and ctx.request.body will receive the parameters

With x-www-form-urlencoded, multiple field values are joined with & and sent as text ("the form data is encoded as name/value pairs"). With form-data, multiple field values are separated by a boundary such as ----------------------------961448793903793318528971; this random value is specified in the Content-Type. form-data is mainly used for transferring files: it tells the server the name of the file being transferred, its MIME type, and so on ("form data is encoded as a message, one part of the message for each control on the page").

The alias configured in tsconfig.json does not work when Egg.js uses TypeScript

  • When using the TypeScript version of Egg.js, configure paths in tsconfig.json as shown below
{
  "compilerOptions": {
    "baseUrl": ".",
    "paths": {
      "@/*": ["app/*"]
    }
  }
}

  • When a file is then imported through the @ alias, a can't find module @.... error is reported.

Analyzing the problem

  • Egg compiles the ts files to js files but does not rewrite the import module paths. If you use an alias configured in tsconfig.json, the module cannot be found once the code has been converted to JS.

Solving the problem

  • tsconfig-paths
    • You can use paths only to import declarations rather than values, or you can hook Node's module path resolution logic with tsconfig-paths so that the paths in tsconfig.json are supported.
    • tsconfig-paths can be introduced directly in config/plugin.ts. Since plugin.ts is the first file to be loaded in both App and Agent, importing tsconfig-paths in this file is enough.
// config/plugin.ts
import 'tsconfig-paths/register';

// ...
  • You can also do without paths

The original link

juejin.cn/post/685791…
