joy-framework / joy

A full stack web framework written in janet
https://joy.swlkr.com
MIT License

Invalid CSRF Token #72

Closed fancycade closed 4 years ago

fancycade commented 4 years ago

Hi there!

I'm running into an invalid CSRF token with POST requests when the server is behind an NGINX proxy.

I've tried a number of NGINX configurations but to no avail.

The source code for the app can be found here.

Thanks!

swlkr commented 4 years ago

I’m in the process of making this more explicit but the csrf middleware reads from the ENCRYPTION_KEY environment variable, is that set when running behind nginx?

Hopefully this doc can explain it a little better than what I just did on my phone haha

https://github.com/joy-framework/joy/blob/master/docs/form-submission.md

swlkr commented 4 years ago

You could also rely on samesite=lax or strict and turn off the csrf middleware like this


```
(app {:routes routes :layout layout :csrf-token false})
```

fancycade commented 4 years ago

Thank you very much for the quick reply!

In this case I cloned my repo onto a VM, which didn't track .env, and then made a new file.

Turns out I was wrong to assume that my app was not using the ENCRYPTION_KEY anywhere :laughing: .

I set it with a key generated from cipher and it is working just fine now.
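
The failure mode in this thread, as an added illustration that is not joy's code or its actual token format: a CSRF token bound to a server-side key stops validating when the deployed process has a different key or none, so the key is checked at startup. The hex encoding of `ENCRYPTION_KEY`, the 32-byte minimum, the HMAC construction and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import secrets


class MissingKeyError(RuntimeError):
    """Raised at startup when the token key is absent or malformed."""


def load_key(environ, name="ENCRYPTION_KEY", min_bytes=32):
    # Fail fast rather than run with an empty key (assumed hex-encoded).
    raw = environ.get(name, "")
    try:
        key = bytes.fromhex(raw)
    except ValueError:
        raise MissingKeyError(f"{name} is not valid hex") from None
    if len(key) < min_bytes:
        raise MissingKeyError(f"{name} is unset or shorter than {min_bytes} bytes")
    return key


def issue_token(key, session_id):
    # token = hex(nonce || HMAC-SHA256(key, session_id || nonce))
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, session_id.encode() + nonce, hashlib.sha256).digest()
    return (nonce + tag).hex()


def verify_token(key, session_id, token):
    # Reject anything that is not exactly 16 nonce bytes + 32 tag bytes.
    try:
        blob = bytes.fromhex(token)
    except ValueError:
        return False
    if len(blob) != 48:
        return False
    nonce, tag = blob[:16], blob[16:]
    expected = hmac.new(key, session_id.encode() + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    # Constructed scenario: a fresh clone without .env has no key in its environment.
    try:
        load_key(os.environ)
        print("ENCRYPTION_KEY present and well-formed")
    except MissingKeyError as err:
        print(f"refusing to start: {err}")
```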