Open youyoumu opened 2 days ago
Hey @youyoumu, thanks for the issue! I'm happy that inertia-rails became your first OSS repo to contribute an issue to! 😄
It's a bit tricky, but Inertia Rails supports X-XSRF-TOKEN for Inertia requests: https://github.com/inertiajs/inertia-rails/blob/234aaabba071028517857743396fee62683f7a37/lib/inertia_rails/middleware.rb#L93-L95
So the example from your reproduction will work once you add the X-Inertia header.
I see. What if we add an additional note?
X-XSRF-TOKEN header only works for Inertia requests. If you want to send a normal request you can use X-CSRF-TOKEN instead
Or it's not needed because people should use router.visit() instead 🤔
For context, I'm using wretch here
Yup, sounds great 🙏
ok. i just created the PR https://github.com/inertiajs/inertia-rails/pull/171 😄
docs: https://inertia-rails.dev/guide/csrf-protection
reference: https://guides.rubyonrails.org/security.html#csrf-countermeasures
here is the video showing X-XSRF-TOKEN doesn't work but X-CSRF-TOKEN does
https://github.com/user-attachments/assets/7ed649c6-7731-42ab-af77-dd93694866b3
note: this is my first issue on an open source project, can I get assigned to this? 👀
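
The behaviour discussed in this thread, as an added example that is not the inertia-rails source or any participant's code: a Rack-style middleware copies X-XSRF-TOKEN into X-CSRF-TOKEN only when X-Inertia is present, so a plain request carrying only X-XSRF-TOKEN fails the CSRF check. The class name, the simplified check and the token value are assumptions made for illustration.

```ruby
# Added illustration, not the inertia-rails middleware itself.
# Hypothetical middleware: copy X-XSRF-TOKEN to X-CSRF-TOKEN for Inertia requests only.
class XsrfHeaderCopy
  def initialize(app)
    @app = app
  end

  def call(env)
    # Rack exposes request headers as HTTP_* keys in the env hash.
    inertia = env.key?('HTTP_X_INERTIA')
    xsrf = env['HTTP_X_XSRF_TOKEN']
    env['HTTP_X_CSRF_TOKEN'] = xsrf if inertia && xsrf
    @app.call(env)
  end
end

# Constructed sample token standing in for the session's CSRF token.
SESSION_TOKEN = 'constructed-sample-token'

# Simplified stand-in for the framework's CSRF check (assumption): it reads
# only X-CSRF-TOKEN. Real Rails also accepts a form parameter and compares
# masked tokens, which is omitted here.
CSRF_CHECK = lambda do |env|
  valid = env['HTTP_X_CSRF_TOKEN'] == SESSION_TOKEN
  [valid ? 200 : 422, {}, []]
end

# Build a Rack-style env from plain header names and return the status code.
def status_for(headers)
  env = headers.transform_keys { |name| "HTTP_#{name.upcase.tr('-', '_')}" }
  XsrfHeaderCopy.new(CSRF_CHECK).call(env).first
end

if __FILE__ == $PROGRAM_NAME
  # Plain request (e.g. from a generic HTTP client) with only X-XSRF-TOKEN: rejected.
  puts status_for('X-XSRF-TOKEN' => SESSION_TOKEN)
  # Same token plus the X-Inertia header: the copy happens and the check passes.
  puts status_for('X-XSRF-TOKEN' => SESSION_TOKEN, 'X-Inertia' => 'true')
  # Plain request using X-CSRF-TOKEN directly: accepted without X-Inertia.
  puts status_for('X-CSRF-TOKEN' => SESSION_TOKEN)
  # X-Inertia does not bypass validation: a wrong token is still rejected.
  puts status_for('X-XSRF-TOKEN' => 'wrong', 'X-Inertia' => 'true')
end
```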