Error 403 detected in Node.js Express

My Node App has a page where users can submit their email address to login. When I deploy the app to production, it works fine initially. However, after some time, I start receiving a 403 Forbidden error like the following:

Express
403 Error: Forbidden
at Object.exports.error (/opt/run/snapshot/package/node_modules/express/node_modules/connect/lib/utils.js:63:13)
at createToken (/opt/run/snapshot/package/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55)
at /opt/run/snapshot/package/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:7
at Object.ondone (/opt/run/snapshot/package/node_modules/express/node_modules/connect/node_modules/uid2/index.js:46:8)

The log shows the following error message:

err Sun, 09 Mar 2014 11:52:01 GMT Error: Forbidden
at Object.exports.error (/opt/run/snapshot/package/node_modules/express/node_modules/connect/lib/utils.js:63:13)
at createToken (/opt/run/snapshot/package/node_modules/express/node_modules/connect/lib/middleware/csrf.js:82:55)
at /opt/run/snapshot/package/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:7
at Object.ondone (/opt/run/snapshot/package/node_modules/express/node_modules/connect/node_modules/uid2/index.js:46:8)

Restarting the app without making any changes to the code fixes the login issue temporarily. It seems like there may be an issue with the csrf token expiring. I am certain that I am passing a csrf token on the login page as I can verify it in the page source.

I am currently using node version 0.10 and contemplating reverting back to 0.8.

Below is my app configuration:

app.configure(function(){
    app.set('views', __dirname + '/views');
    app.set('view engine','ejs');
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(helmet.xframe());
    app.use(helmet.iexss());
    app.use(helmet.contentTypeOptions());
    app.use(helmet.cacheControl());
    app.use(express.cookieParser());
    app.use(express.session({
        secret: "**********************",
        cookie: {
            maxAge  : 3600000, // 1 hour
            expires : new Date(Date.now() + 3600000) // fixed Date, computed once when the app starts (start time + 1 hour)
        },
        store: new MongoStore({
            mongoose_connection: mongoose.connection
        })
    }));

    //app.use(express.cookieSession({secret:"fooseball123!"}));
    app.use(express.csrf());
    // middleware to make csrf token available
    app.use(function (req, res, next) {
        //res.locals.token = req.session._csrf;
        res.locals.token = req.csrfToken();
        next();
    });
    app.use(express.compress());
    app.use(app.router);
    app.use(express.static(__dirname + '/public', {maxAge: 86400000}));
    app.use(express.errorHandler());
});

Answer №1

After trying a couple of things, the problem seems to be resolved.

  1. Reverting my node version back to 0.8 seemed to help.
  2. Eliminating the cookie parameter from the express.session call made a difference too.

It appears that issue #2 was the main culprit.

However, I'm still unsure how this relates to the csrf errors I encountered previously.
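
How a session cookie option can surface as a CSRF 403, as an added example that is not part of the original post and is not connect's code. It is a simplified model that assumes a fixed `expires` Date in the cookie options is applied unchanged to every session cookie while `maxAge` is recomputed per response; `makeServer`, `browserRoundTrip` and `simulate` are hypothetical names and the token values are constructed.

```javascript
// Simplified model (not connect's code) of a session cookie plus CSRF check.
const HOUR = 3600000;

// Build a server whose cookie options are evaluated once, at startup.
function makeServer(cookieOptions) {
  const sessions = new Map();          // session id -> { csrf }
  let nextId = 1;

  function expiryFor(now) {
    // Assumption of this model: a fixed `expires` Date wins over maxAge.
    if (cookieOptions.expires instanceof Date) return cookieOptions.expires.getTime();
    return now + cookieOptions.maxAge; // recomputed for every response
  }

  return {
    // GET /login: create a session, embed the CSRF token, set the cookie.
    getLogin(now) {
      const sid = 's' + nextId++;
      const csrf = 'token-' + sid;     // constructed placeholder token
      sessions.set(sid, { csrf });
      return { formToken: csrf, cookie: { sid, expires: expiryFor(now) } };
    },
    // POST /login: needs the session cookie AND the matching form token.
    postLogin(now, cookie, formToken) {
      const session = cookie && sessions.get(cookie.sid);
      return session && session.csrf === formToken ? 200 : 403;
    },
  };
}

// Browser side: a cookie whose Expires is already in the past is never sent back.
function browserRoundTrip(server, getTime, postTime) {
  const page = server.getLogin(getTime);
  const sent = page.cookie.expires > postTime ? page.cookie : null;
  return server.postLogin(postTime, sent, page.formToken);
}

function simulate(startup) {
  const broken = makeServer({ maxAge: HOUR, expires: new Date(startup + HOUR) });
  const fixed = makeServer({ maxAge: HOUR });
  const soon = startup + 5 * 60000, later = startup + 2 * HOUR;
  return {
    brokenSoon: browserRoundTrip(broken, soon, soon + 1000),    // within the first hour
    brokenLater: browserRoundTrip(broken, later, later + 1000), // after the fixed date
    fixedLater: browserRoundTrip(fixed, later, later + 1000),   // maxAge only
  };
}

console.log(simulate(Date.UTC(2014, 2, 9, 9, 0, 0)));
```

In this model the token in the page source is valid, but the POST arrives without the session it was issued for, so the check fails until a restart moves the fixed date forward.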
