What is the problem with csrf in Egg.js?

I now have a problem. I am using Egg.js,Egg.js to enable csrf,POST requests by default. All csrf,POST requests need to be accompanied by csrf headers. CsrfToken is in Cookie. The problem is that my first access is a POST request, but there is no csrfToekn, in Cookie, so when this API is accessed, it is blocked because there is no csrf header.

for example, I have a registered API, but access must be carried with the csrfToken, stored in the Cookie. To get the csrfToken, you must first GET it. Then, my first request is POST, because it is registered with API, so there is no csrfToken

in Cookie.

do I have to GET casually before I register?

or I can close csrf, to solve this problem

it feels a little inelegant.

Csrf koa2 eggjs

Jul.30,2021

my solution is to turn this off and use my own authentication scheme. In fact, you don't have to worry about CSRF attacks for front-end and back-end separate projects, just use your own authentication scheme. If it is not the front and rear separation of the registration login page mentioned above, it is also possible to render the output with Egg.

Previous: How to change the idea of native php and laravel to laravel?

Next: Why is request.status=0? There is no problem with php and browser return.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3542b-2b4c8.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3542b-2b4c8.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?