Closed raymcdermott closed 1 year ago
Hi @raymcdermott,
It sounds like you are actually running 2 servers; figwheel and another server on 9090. If that is the case, you must load your page from 9090 in order for CSRF to work. So instead of navigating to the figwheel hosted page (localhost:3449), just use the 9090 hosted page (localhost:9090) instead.
However when you do that, be aware of this issue https://github.com/ptaoussanis/sente/issues/318
The ring site defaults do not send a CSRF when serving a file. So if you have something like index.html
it still wont work... The way I work around that is (wrap-defaults app-routes (dissoc site-defaults :static))
so that instead my (route/resources "/")
handles the request with a CSRF token. Can you confirm whether you are loading the page from a file? Please try disabling the ring static middleware and loading from 9090 if so.
Alternatively you can tell figwheel to use a specific ring handler and use that instead of running the 9090 port, and then you don't need to run the 9090 server.
I hope that helps, let me know if you are still having trouble with it.
Thanks. I understand the issue but want the client and server to be managed separately.
It turns out to only be a dev issue.
I do all the comms over WS so it's not really a problem for my use case.
Hi @raymcdermott
It sounds like you have an idea here that I'm not quite grasping... Could you please explain a bit more what you mean by "client and server to be managed separately" and why this only applies to dev?
Closing for inactivity, as part of issue triage. Please feel free to re-open if this issue is still relevant - thanks!
As you know, by default sente tries to connect to the host in the browser window, which is very convenient.
When using figwheel however the browser host points to the figwheel server and that gets sente confused, which is fair enough.
My solution was to add
:host "localhost:9090"
to themake-channel-socket-client!
options map. That got me connected.But I have a CSRF warning.
I am using the default ring middleware defaults from the sample project setup.
It might be that this warning only pops up in development in which case I can ignore it and move on but it makes me a little nervous so I hope that you folks don't mind me opening up the issue for the record (cos Slack is too forgetful).
I could proxy the
/chsk
routes in figwheel if necessary but wondered if there is a simpler or more direct solution.