search

mikaelm1 / Blog-App-Buffalo

A blogging app built with Buffalo.
31 stars 13 forks source link

CSRF token not found in request #4

Open wwaldbu opened 6 years ago

wwaldbu commented 6 years ago

I followed your tutorial and loved the in-depth explanation, however, I can't seem to get the CSRF token generating. I am right at the spot where a user should be able to register.

Would love to figure out what I am doing wrong. I really love this framework!

screen shot 2018-01-30 at 8 26 48 pm
mikaelm1 commented 6 years ago

Thanks for checking out my tutorial!

Did you add the <%= csrf() %> template helper inside the register form? The details of this template helper function is located towards the end of the "Register Users" section of the tutorial.

wwaldbu commented 6 years ago

Yes, I just double checked and my code all matches yours. Any other ideas? The only thing I changed was using a Postgres database instead of SQLite.

wwaldbu commented 6 years ago

This could possibly be the issue https://github.com/gobuffalo/buffalo/issues/886

mikaelm1 commented 6 years ago

The database and the csrf token are not related, so using Postgres should not matter. I can also see in your stack trace that a csrf token exists in the request's context. This indicates to me that the csrf token that is in the context does not match the one found in the form. And it looks like Buffalo has an open issue (https://github.com/gobuffalo/buffalo/issues/886) that looks similar to what you're seeing. Maybe try using an incognito browser or manually clearing any cookies and session data. Also, another thing is that the token inside the Form seems to be wrong. Your stack trace is showing it's value as <%= authenticity_token %> but it should actually be the value of the authenticity_token in your Context object. My guess is that it's either a problem with the template helper function or an issue with buffalo. Make sure you have all the quotes and back slashes correct in the helper function:

"csrf": func() template.HTML {
    return template.HTML("<input name=\"authenticity_token\" value=\"<%= authenticity_token %>\" type=\"hidden\">")
},
wwaldbu commented 6 years ago

Just tried all those potential solutions and recopied the template helper function. Still getting the same error. Guess I will try some tests to see if I can get a simple form post working properly and follow the issue on Github to see if a solution comes about. Very excited to start contributing to this project!

Pena86 commented 6 years ago

I've just started to learn GoLAng & Buffalo with your tutorial, and stumbled upon the same error as above.

For a quick fix, in the register.html file, instead of <%= csrf() %> insert straight the <input name="authenticity_token" value="<%= authenticity_token %>" type="hidden"> tag, and the auth token will be in its place. Of course now we are not using the helper, but for the tutorial... And just for the stats, I'm using Buffalo version v0.12.1 with postgres database.

Prounckk commented 6 years ago

I had the same issue. My fix is not elegant, but works for register.html and login.html: use nstead of <%= csrf() %> opps, didn't see Pena86's comment :)