gobuffalo / buffalo

Rapid Web Development w/ Go
http://gobuffalo.io
MIT License

Handling CSRF tokens with my own forms #1367

Closed vitr closed 6 years ago

vitr commented 6 years ago

Steps to Reproduce the Problem

Follow 'How Do I Handle CSRF Tokens If I Use My Own Form?' on the docs page https://gobuffalo.io/en/docs/forms

```go
template.HTML("<input name=\"authenticity_token\" value=\"<%= authenticity_token %>\" type=\"hidden\">")
```

Expected Behavior

The template should render to the value of the actual token, the same token as in the header

```html
<meta name="csrf-token" content="<%= authenticity_token %>" />
```

renders to

```html
<meta name="csrf-token" content="Lc0YrNyM3EkqZgzui1JGStnHbwvfVNB8Iw3O7TMJolHh9ckUsUMBZgDkYolbOybUyJVxrh51O4Y9GkHMOaKqkg==" />
```

Actual Behavior

In fact, the code from the docs renders to

```html
<input name="authenticity_token" value="<%= authenticity_token %>" type="hidden">
```

See, the variable authenticity_token hasn't been translated into an actual value. I'd appreciate it if either the documentation or the code were corrected. Thank you.

P.S. I think this is the related issue: https://github.com/mikaelm1/Blog-App-Buffalo/issues/4

Info

```
### Buffalo Version
v0.12.7

### App Information
Pwd=c:\Users\Vit\go\src\github.com\vitr\app
Root=c:\Users\Vit\go\src\github.com\vitr\app
GoPath=c:\Users\Vit\go
Name=app
Bin=bin\app.exe
PackagePkg=github.com/vitr/app
ActionsPkg=github.com/vitr/app/actions
ModelsPkg=github.com/vitr/app/models
GriftsPkg=github.com/vitr/app/grifts
VCS=git
WithPop=true
WithSQLite=true
WithDep=false
WithWebpack=true
WithYarn=true
WithDocker=true
WithGrifts=true

### Go Version
go version go1.11 windows/amd64

### Go Env
set GOARCH=amd64
set GOBIN=c:\Users\Vit\go\bin
set GOCACHE=C:\Users\Vit\AppData\Local\go-build
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=c:\Users\Vit\go
set GOPROXY=
set GORACE=
set GOROOT=C:\Go
set GOTMPDIR=
set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\Vit\AppData\Local\Temp\go-build639442350=/tmp/go-build -gno-record-gcc-switches

### Node Version
v8.11.2

### NPM Version
5.6.0

### Yarn Version
1.3.2

### PostgreSQL Version
PostgreSQL Not Found

### MySQL Version
MySQL Not Found

### SQLite Version
SQLite Not Found

### Dep Version
could not find a Gopkg.toml file

### Dep Status
could not find a Gopkg.toml file
```

mycroftsk commented 6 years ago

Code in documentation is probably for older versions of Buffalo.

What works for me:

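```go
// render.go (fragment of render.Options; needs "html/template" and
// "github.com/gobuffalo/plush" imported)

Helpers: render.Helpers{
    // csrf renders the hidden input through plush, so that
    // <%= authenticity_token %> is evaluated instead of emitted literally.
    "csrf": func(helper plush.HelperContext) (template.HTML, error) {
        t, err := helper.Render("<input name=\"authenticity_token\" value=\"<%= authenticity_token %>\" type=\"hidden\">")
        if err != nil {
            return "", err // surface the render error instead of emitting an empty field
        }
        return template.HTML(t), nil
    },
},
```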
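
A regression check for the failure reported in this thread, added here as an example and not code from the issue or from Buffalo: it scans rendered HTML for a hidden `authenticity_token` field that is missing, empty, still holds a literal template tag, or differs from the `csrf-token` meta tag. `CheckCSRFField`, the regular expressions and both sample pages are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"html"
	"regexp"
	"strings"
)

// Patterns assume the attribute order used in this issue (name before value/content).
var (
	inputRe = regexp.MustCompile(`<input[^>]*name="authenticity_token"[^>]*value="([^"]*)"`)
	metaRe  = regexp.MustCompile(`<meta[^>]*name="csrf-token"[^>]*content="([^"]*)"`)
)

// Constructed sample pages modelled on the issue's "Actual" and "Expected" output.
const brokenPage = `<meta name="csrf-token" content="c2FtcGxlLXRva2Vu" />
<input name="authenticity_token" value="<%= authenticity_token %>" type="hidden">`

const fixedPage = `<meta name="csrf-token" content="c2FtcGxlLXRva2Vu" />
<input name="authenticity_token" value="c2FtcGxlLXRva2Vu" type="hidden">`

// CheckCSRFField (hypothetical helper, not part of Buffalo) returns an error
// when the hidden CSRF field in rendered HTML does not carry a usable token.
func CheckCSRFField(page string) error {
	in := inputRe.FindStringSubmatch(page)
	if in == nil {
		return errors.New("no authenticity_token input found")
	}
	token := html.UnescapeString(in[1])
	switch {
	case token == "":
		return errors.New("authenticity_token input is empty")
	case strings.Contains(token, "<%") || strings.Contains(token, "%>"):
		return fmt.Errorf("unrendered template tag in form field: %q", token)
	}
	// The issue expects the form field to carry the same token as the meta tag.
	if m := metaRe.FindStringSubmatch(page); m != nil && html.UnescapeString(m[1]) != token {
		return errors.New("form token differs from csrf-token meta tag")
	}
	return nil
}

func main() {
	fmt.Println("broken:", CheckCSRFField(brokenPage))
	fmt.Println("fixed: ", CheckCSRFField(fixedPage))
}
```

Run against the HTML returned by a handler test, this catches a form whose POST would be rejected by the CSRF middleware before it ships.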