Closed danjac closed 10 years ago
It's like the problem here
https://github.com/noir-clojure/lib-noir/blob/master/src/noir/util/middleware.clj#L167
(-> (apply routes app-routes)
(wrap-request-map)
(api)
(with-opts wrap-multipart-params multipart)
(wrap-middleware middleware)
(wrap-access-rules access-rules)
(wrap-noir-validation)
(wrap-noir-cookies)
(wrap-noir-flash)
(wrap-noir-session
{:store (or store (memory-store mem))}))
as wrap-middleware
happens after the api
that wraps params. Could you try it with a custom app-handler that looks like this?
(defn app-handler
[app-routes & {:keys [store multipart middleware access-rules]}]
(-> (apply routes app-routes)
(wrap-middleware middleware) ;move middleware to the front of the stack
(wrap-request-map)
(api)
(with-opts wrap-multipart-params multipart)
(wrap-access-rules access-rules)
(wrap-noir-validation)
(wrap-noir-cookies)
(wrap-noir-flash)
(wrap-noir-session
{:store (or store (memory-store mem))})))
if that helps I'll just change the ordering and make a new release
I did a bit of testing and this does seem to solve the problem. I released a new version 0.6.8
on Clojars let me know if that works for you.
Works beautifully, thank you for the quick response!
in my handler.clj:
In my routes:
Consistently I get the "Invalid anti-forgery token" message, which means the middleware is installed ok but not able to compare the session and posted values correctly.
Digging into the anti-forgery code, it appears to look at the session and request :form-params. However, while it's loaded into the session correctly form-params is just nil - so the issue appears to be with lib-noir (somewhere in the middleware stack) as opposed to ring-anti-forgery - for some reason form-params is unavailable at this point. I tried adding wrap-params to the middleware but still no joy.