Sails JS forbidden POST request

The issue is indeed related to cross-site request forgery, but disabling the corresponding security rule altogether is quite obviously not a solution. CSRF and its treatment in sailsjs are well described in the corresponding part of the manual. In short, for POSTs to work you have to include _csrf in your requests. E.g. in a view template:

<form>
   <input type="hidden" name="_csrf" value="<%- _csrf %>" />
</form>

As said below, removing CSRF protection is not an answer as it may expose the api to a security breach. I currently use JWT but it doesn't seems to be as secure as CSRF token so the only right way is to include the token in every HTTP's request header.

Sails JS forbidden POST request

Tags:

Sails.Js

Postman

Related

Recent Posts