Search code examples
node.jsexpresscsrfcsrf-protection

How Run csrf into loop?

I'm trying to put one csrf into a loop... but this doesn't work for me.

Route

router.get('/:id', ensureAuthenticated, (req, res) => {
    res.render('stories/show', storiesView: stories, 
                             {csrfToken: req.csrfToken()});

});

View

 {{#each storiesView.comments}}

 <a href="#modalOwned" class="waves-effect waves-light btn modal-trigger">HAIL</a>

     
     <div id="modalOwned" class="modal">
         <div class="modal-content">
             <h4>Title</h4>
             <p>sunset of lights {{csrfToken}}</p> 
         </div>
         <div class="modal-footer">
             <a href="" class="modal-close waves-effect waves-green btn-flat">Aggre</a>
         </div>
     </div>

{{/each}}

APP.JS

..code...

app.use(cookieParser());
app.use(csrf({cookie: true}));

If I put csrf outside of loop, this works, but I need the csrf in the loop

Thanks!

Solution

  • To display the csrfToken field from inside the loop you need write it like this:

    <p>sunset of lights {{../csrfToken}}</p>

    The ../ path segment is used to references the parent template scope.