-
-
Save anonymous/27302db67a819eb36292 to your computer and use it in GitHub Desktop.
Attempts to GET and then POST a CSRF token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;; Two main methods have been suggested. | |
| ;; 1. On the front end, GET and then POST the CSRF token. | |
| ;; 2. On the back end, insert the CSRF token in the page header, | |
| ;; and then on the front end access that attribute and POST it. | |
| ;; METHOD 1. | |
| ;; Prepared in handler.clj for GET request. | |
| (defroutes routes | |
| (POST "/submit" [] home-page) | |
| (GET "/token" [] (generate-string {:csrf-token | |
| *anti-forgery-token*})))``` | |
| ;; Attempt to include in function | |
| (defn save-stuff [] | |
| (let [token (ajax/GET "/token")] | |
| (ajax/POST "/submit" {:__anti-forgery-token token}))) | |
| ;; Function above is called from this button | |
| (defn save-button [] | |
| [:input {:type "button" | |
| :class "btn btn-info" | |
| :value "Save" | |
| :on-click #(save-stuff)}]) | |
| ;; Attempt to include CSRF in button itself. | |
| (defn save-button [] | |
| [:form | |
| [:input {:type "hidden" | |
| :name "__anti-forgery-token" | |
| :value csrf-token}]] | |
| [:input {:type "button" | |
| :class "btn btn-info" | |
| :value "Save" | |
| :on-click #(save-stuff)}]) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment