req.body returning "Forbidden"

Problem

In my node.js express app I'm submitting a form, to an action on a controller. All this controller does is:

send(req.body)

(I'm using RailwayJS (but that's not all that important to this question I don't think) I'm doing this is to get the values in the form

However, it comes back as 'Forbidden'

If I restart node, and refresh the page (confirming i want to post back) then I get the desired result...

Any idea how to get the values of the form without restarting?

Problem courtesy of: Alex

Solution

I think this is related to 'protect from forgery' beforeFilter. Do you pass authencity_token to your post?

Possible solution: skipBeforeFiler('protect from forgery'); -- it disables CSRF protection Better solution: use form_for helper, or pass authencity_token manually. Check apidocs to learn more about CSRF protection: http://jsdoc.info/1602/express-on-railway/helpers.html#instance/csrf_tag

Solution courtesy of: Anatoliy

Discussion

There is currently no discussion for this recipe.

This recipe can be found in it's original form on Stack Over Flow.