Comments (3)
Another anomaly I see in the DEBUG output is a space between the port and the path:
csrf Login to https://blablaserver.internal:8469 /customer/login
Also, if I do console.log(result), one thing I notice is:
path: '/login',
The path should be '/customer/login'.
from csrf-login.
It appears to me that the problem is that the login URL path is not handled right when it consists of two components: /customer/login.
The exact same code works fine with a Django site which has /login as the login URL path.
Full DEBUG:
using environment variables only
csrf fetching page /customer/login +9ms
csrf login page info { method: 'post', url: 'login', csrf: '76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0', csrfName: 'csrfToken', headers: { server: 'nginx', date: 'Wed, 31 May 2017 00:24:14 GMT', 'content-type': 'text/html; charset=UTF-8', 'transfer-encoding': 'chunked', connection: 'close', 'strict-transport-security': 'max-age=63072000', 'x-frame-options': 'DENY', 'set-cookie': [ 'clientsession=45gb4kgo83lvh2j93dajuq0444; path=/' ], expires: 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', pragma: 'no-cache', vary: 'Accept-Encoding' } } +132ms
csrf csrf info { method: 'post', url: 'login', csrf: '76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0', csrfName: 'csrfToken', headers: { server: 'nginx', date: 'Wed, 31 May 2017 00:24:14 GMT', 'content-type': 'text/html; charset=UTF-8', 'transfer-encoding': 'chunked', connection: 'close', 'strict-transport-security': 'max-age=63072000', 'x-frame-options': 'DENY', 'set-cookie': [ 'clientsession=45gb4kgo83lvh2j93dajuq0444; path=/' ], expires: 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', pragma: 'no-cache', vary: 'Accept-Encoding' } } +3ms
csrf Login to https://blablaserver.internal:8469 /customer/login +1ms
csrf trying to login 0424000771 +0ms
csrf success login to undefined +50ms
csrf jar RequestJar { _jar: CookieJar { enableLooseMode: true, store: { idx: { 'omvweb04.internal': { '/': { clientsession: Cookie="clientsession=45gb4kgo83lvh2j93dajuq0444; Path=/; hostOnly=true; aAge=48ms; cAge=105ms" } }, null: { '/': { csrftoken: Cookie="csrftoken=76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0; Path=/; hostOnly=true; aAge=50ms; cAge=50ms" } } } } } } +0ms
from csrf-login.
In the source, if I change the following in csrf-login.js, it works:
change:
var loginUrl = csrfInfo.url
to
var loginUrl = conf.get('loginPath')
from csrf-login.
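Added example (not part of the issue thread and not csrf-login's own code): the form in the DEBUG output has the action `login`, which a browser resolves relative to the page `/customer/login`. The hypothetical helper `resolveLoginUrl` below does that resolution with the WHATWG URL API and refuses a form action that would post the credentials to a different origin; `naiveJoin` and the cross-origin sample value are constructed for illustration.

```javascript
'use strict';
// Added example. resolveLoginUrl and naiveJoin are hypothetical helpers,
// not functions from csrf-login. URL is the Node.js global WHATWG URL class.

// Constructed contrast: joining host and form action directly drops the
// directory of the login page and yields the '/login' path seen in the report.
function naiveJoin(host, formAction) {
  return host.replace(/\/+$/, '') + '/' + formAction.replace(/^\/+/, '');
}

// Resolve a form's action attribute the way a browser would: relative to
// the URL of the page that served the form.
function resolveLoginUrl(host, loginPath, formAction) {
  const pageUrl = new URL(loginPath, host);
  // An empty or missing action means "submit to the page itself".
  const target = new URL(formAction || '', pageUrl);
  target.hash = '';
  // The origin covers scheme, host and port, so this also rejects an
  // https -> http downgrade. Credentials go only where the form was fetched.
  if (target.origin !== pageUrl.origin) {
    throw new Error('form action leaves ' + pageUrl.origin + ': ' + target.origin);
  }
  return target.href;
}

// Values from the DEBUG output above, plus constructed variants.
const HOST = 'https://blablaserver.internal:8469';
const samples = [
  ['/customer/login', 'login'],          // relative action, as in the log
  ['/customer/login', '/login'],         // absolute-path action (constructed)
  ['/customer/login', ''],               // empty action (constructed)
  ['/customer/login', 'https://other.example/login'], // cross-origin (constructed)
];

for (const [loginPath, action] of samples) {
  try {
    console.log(JSON.stringify(action), '->', resolveLoginUrl(HOST, loginPath, action));
  } catch (err) {
    console.log(JSON.stringify(action), '-> rejected:', err.message);
  }
}
```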