-
-
Save anonymous/99f176f41aff7b9977b7 to your computer and use it in GitHub Desktop.
Attempts to insert and then POST a CSRF token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;; Two main methods have been suggested. | |
| ;; 1. On the front end, GET and then POST the CSRF token. | |
| ;; 2. On the back end, insert the CSRF token in the page header, | |
| ;; and then on the front end access that attribute and POST it. | |
| ;; METHOD 2 | |
| ;; See below, commented out, 3 different attempts to include in handler.clj page template. | |
| (def home-page | |
| (html | |
| [:html | |
| [:head | |
| [:meta {:charset "utf-8"}] | |
| [:meta {:name "viewport" | |
| :content "width=device-width, initial-scale=1"}] | |
| ; [:script {:type "javascript"} (def csrf {{csrf-token}})] | |
| ; [:meta {:csrf-token *anti-forgery-token*}] | |
| ; [:meta {:csrf-token (generate-string {:csrf-token *anti-forgery-token*})}] | |
| (include-css "css/vendor/bootstrap.min.css") | |
| (include-css "css/flat-ui-pro.css")] | |
| [:body | |
| [:div#app] | |
| (include-js "/js/vendor/jquery.min.js" | |
| "//code.jquery.com/ui/1.11.2/jquery-ui.js" | |
| "//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css" | |
| "/js/vendor/video.js" | |
| "/js/flat-ui-pro.min.js" | |
| "/js/app.js")]])) | |
| ;; Actually for some ungodly reason this returns a TypeError, saying save-stuff below is undefined. | |
| (def csrf-token (attr (sel1 "meta[name='csrf-token']") | |
| "content")) | |
| (defn save-stuff [] | |
| (ajax/POST "/submit" {:headers {:__anti-forgery-token csrf-token}})) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment