Closed iloginov closed 8 years ago
You do have to explicitly include the token, if you're using Hiccup then you can use (ring.util.anti-forgery/anti-forgery-field)
in the form. It will create the necessary HTML field for validation.
@yogthos can you illustrate this with an example...
What do you mean by 'the form'? What if the post request is coming from a reagent element that isn't inside a form per-se?
basically, how would one place this into the hiccup template above (taken from your book)
{% extends "base.html" %}
{% block content %}
<input
id="token" type="hidden" value="{{csrf-token}}">
I got
Invalid anti-forgery token
when make POST request. Most simple way of avoiding that I found on the net is use Selmer as templating engine:or disable
:anti-forgery
insite-defaults
as described here.I'm wonder if there is simple way to make POST request and do not disable anti-forgery.
Thx.