Skip to content

Instantly share code, notes, and snippets.

@coyotespike
coyotespike / cljs-CSRF
Created June 25, 2015 16:49
CSRF in Clojure/ClojureScript
;; There are three parts to the problem:
;; (1) putting the token on the page on the server-side,
;; (2) getting it off on the client-side,
;; (3) and then POST-ing it with the request.
;;;; One could also GET and then POST using a route, but that makes the CSRF token useless.
; 1. Putting the token on the page.
; handler.clj
module Main where
import Control.Monad.Eff (Eff)
import Data.Maybe (fromJust)
import Data.Tuple (Tuple(..))
import Graphics.Canvas (CANVAS, Context2D, closePath, getCanvasElementById,
getContext2D, lineTo, moveTo, setLineWidth, strokePath)
import Math (cos, pi, sin)
import Partial.Unsafe (unsafePartial)
import Prelude (Unit, bind, discard, negate, void, ($), (*), (+), (-), (/), (<=))