•  01-12-2021
  •  | 
  •  

Question

I'm using Tower.js 0.4.2-20.

I sent a GET and POST request for HTML FORM tag.
'GET' request is no problem response. but 'POST' request is the following error returned.

I'm missing router setting?

routes.coffee :

Tower.Route.draw ->
  @resources 'service'
  @match '/service/add', to: 'service#add', via: 'post'

ServiceController.coffee :

class ServiceController extends App.ApplicationController
  index: ->
    @render text: "GET"
  create: ->
    @render text: "POST"
  add: ->
    @render text: "ADD"

index.html :

<form method='POST' action='service/add'>
    <div><input type='submit' value='Add'></div>
</form>

Error : 

Error: Forbidden
at Object.exports.error (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/utils.js:44:13)
at Object.module.exports [as handle] (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:41)
at next (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/proto.js:190:15)
at multipart (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/multipart.js:57:27)
at module.exports (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9)
at IncomingMessage.module.exports (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/urlencoded.js:68:11)
at IncomingMessage.EventEmitter.emit (events.js:115:20)
at Object.resume (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/node_modules/pause/index.js:25:18)
at store.get.next (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/session.js:311:15)
at /var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/session.js:333:9
Was it helpful?

Solution

First guess: your form's relative URL is the problem. Change your form's action attribute to /service/add and see if that helps. The 403 forbidden error you are getting probably means the POST request is going to a different URL path that you expect. For example, if your form is at /pages/service, the form will submit to /pages/service/service/add due to the relative url.

2nd guess: Ah. got it.

at Object.module.exports [as handle] (/var/www/html/melissa/manage/development/yoshiaki-tanaka/node_modules/tower/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:41)

That crsf module is probably checking for a cross site request forgery token in your form, which would take the form of a <input type="hidden" name="crsf_token" value="YOUR_CRSF_TOKEN"> tag (or something like that). Read the docs on the CRSF middleware you are using about how to create the proper <form> tag HTML including the CRSF token.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top