What is the problem with csrf in Egg.js?

I now have a problem. I am using Egg.js,Egg.js to enable csrf,POST requests by default. All csrf,POST requests need to be accompanied by csrf headers. CsrfToken is in Cookie. The problem is that my first access is a POST request, but there is no csrfToekn, in Cookie, so when this API is accessed, it is blocked because there is no csrf header.

for example, I have a registered API, but access must be carried with the csrfToken, stored in the Cookie. To get the csrfToken, you must first GET it. Then, my first request is POST, because it is registered with API, so there is no csrfToken

in Cookie.

do I have to GET casually before I register?

or I can close csrf, to solve this problem

it feels a little inelegant.

Jul.30,2021

my solution is to turn this off and use my own authentication scheme. In fact, you don't have to worry about CSRF attacks for front-end and back-end separate projects, just use your own authentication scheme. If it is not the front and rear separation of the registration login page mentioned above, it is also possible to render the output with Egg.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e9c079-47684.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e9c079-47684.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?