How to bypass axios built in CSRF protection?
|Added at||2016-12-28 19:12|
I'm making a NodeJS Express app, that in a certain scenario gets a request from a user, then forwards the request to a 3rd party site and once it receives a response from the 3rd party, forwards it back to the user. Nothing too complicated.
I am having a problem with the HTTP module axios. Which as it appears to have some sort of XSRF protection built into it, which causes my app to throw an error even though the request data from the user is being validated before anything else is done with it. Here is a simplified version of my code:
As mentioned in the code comments, if I send a request with a string that I created on the server, everything works fine, however if I use a string, that is derived from the user's request data (a 1+ digit number), the following error is thrown:
That looks like axios' built in XSRF protection. Any ideas how to bypass it, other than using another HTTP request package?