403 when posting in postman using Yeoman's Angular-Fullstack

Question

I am trying to populate a local db using MongoDB in my Yeoman Angular-fullstack application. I used the endpoint command:

yo angular-fullstack:endpoint [options] <name>

and can get to the route, but it is an empty object. It will not allow me to post.

I am getting the error: Connect 403 Error: CSRF token missing

Mongod is running fine.

There is authentication on the page, but at this point no forbidden routes.

Thank you for your hellp.

score 11 · Answer 1 · answered Feb 23 '16 at 22:55

Go to your .\server\config\express.js and either change xssProtection to false or add an 'development' !== env to the if statement:

if ('test' !== env && 'development' !== env) { // <- add development env here
    console.log("using lusca");

    app.use(lusca({
      csrf: {
        angular: true
      },
      xframe: 'SAMEORIGIN',
      hsts: {
        maxAge: 31536000, //1 year, in seconds
        includeSubDomains: true,
        preload: true
      },
      xssProtection: true // <- or change this to false
    }));
  }

score 2 · Answer 2 · answered May 31 '16 at 21:17

2

or comment these lines located in \server\config\express.js

 csrf: {
        angular: true
      },

answered May 31 '16 at 21:17

Jesus Rodriguez

2,153
2
19
37

403 when posting in postman using Yeoman's Angular-Fullstack

2 Answers2