On Friday, 12 December 2014 22:58:24 UTC+11, Cesare wrote: > Hi All, > I'm not sure this is the right place to ask... anyway: I have a Luminus > project with cljs template (Clojurescript + Reagent). > > After upgrading lib-noir (now at 0.9.5), it seems that the anti-forgery check > is now enabled by default. > > How can I manage it from ClojureScript, in particular in ajax calls? > > At the moment I get the error "Invalid anti-forgery token" for POST calls. > > Thanks a lot > Bye
I've just managed to work out how to do this. Actually, there are a number of ways to do it, but I think, given you are using luminus, this is the easiest. The basic idea is to add a javascript variable to the page which holds the anti-forgery token. Luminus makes this quite easy as it already adds the csrf-token variable as a standard part of the selmer template. If you add <script type=javascript> var csrf = "{{csrf-token}}"; </script> to the page template, then your clojurescript can get the value in js/csrf and either use that to setup the hidden variable in your javascript generated forms or if you are doing something like cljs-ajax, add it to the headers when makeing the request to the server. -- Note that posts from new members are moderated - please be patient with your first post. --- You received this message because you are subscribed to the Google Groups "ClojureScript" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojurescript+unsubscr...@googlegroups.com. To post to this group, send email to clojurescript@googlegroups.com. Visit this group at http://groups.google.com/group/clojurescript.