This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-02-14
Channels
- # announcements (4)
- # aws (7)
- # babashka (44)
- # beginners (178)
- # calva (15)
- # cider (3)
- # clj-kondo (15)
- # clojure (139)
- # clojure-dev (8)
- # clojure-europe (2)
- # clojure-italy (2)
- # clojure-losangeles (9)
- # clojure-nl (32)
- # clojure-spec (6)
- # clojure-sweden (1)
- # clojure-uk (27)
- # clojurescript (17)
- # core-typed (116)
- # cursive (26)
- # data-science (1)
- # datomic (14)
- # duct (16)
- # emacs (9)
- # events (1)
- # fulcro (47)
- # jobs (3)
- # juxt (6)
- # keechma (2)
- # malli (59)
- # mid-cities-meetup (8)
- # off-topic (32)
- # pathom (5)
- # reagent (2)
- # remote-jobs (4)
- # rewrite-clj (16)
- # shadow-cljs (14)
- # spacemacs (9)
- # sql (27)
- # tools-deps (37)
- # vscode (7)
Noob here.. I'm trying out duct example here
. Everything works splended! So, I added a new handler to delete a film ..just as basic handler which takes a movie name and calls jdbc/execute to delete the record. But when I try to call it using httpie
I get an error "Invalid anti-forgery token". The config uses :duct.module.web/site
which sets the :anti-forgery
key to true
under :duct.middleware.web/defaults
. I suspect this is the cause of the error. Is there any way to disable the check only for DELETE ..since delete is not called from a form but rather from the list of films being displayed on the page. Or is there a better way of doing this ? Hope I'm making sense 🙂
Well the best practice is to make the DELETE to also pass the anti forgery token. This means that you must have the token in the lists page. You can accomplish that by embedding the token in a meta tag and retrieve it through JS (assuming that the calls are done with XHR).
Thank you for the suggestion..right now this is a simple server side rendered html page ..no javascript
and no XHR
..just simple rest based calls. For now I've changed the settings in config.edn
to :duct.module.web/api
key and that works. I am using httpie
command line tool to do quick testing of api calls instead and once that works, then I setup the UI part of it. Is there any way to change the keys in config.edn
? Cause :duct.module.web/api
takes a map, but I'm not sure how to specify options.
What you did works because :duct.module.web/api
does not include anti forgery protection, but you eventually have to implement. If this is a web app then I recommend sticking with :duct.module.web/site
The page is going to make these DELETE calls how? Through XHR or through form submission?
Yes I understand that. This is just for a quick test before coding the UI. I wouldn't want the web app to use :duct.module.web/api
. But for now it makes my life a bit easier 😊
Right now it's a form based call
If you want to be able to use httpie for manual testing then render the token in the html form in a hidden field and copy its value then pass it in a header in that httpie call you want to make. That's all :) ofc do whatever works for you!
But later I'm planning to use clojurescript
to make the calls
I'm taking one step at a time.. as part of learning Graph APIs
, I want to use pathom
with duct on the back-end
and fulcro
for the front-end
..but will be at a later stage 🙂
Hi, just trying to use Aleph and Yada from duct - I'm getting the error below, which I assume is because returning a manifold deferred is breaking the default middleware. Is there a way that I can switch off the default middleware ?
java.lang.ClassCastException: class manifold.deferred.Deferred cannot be cast to class clojure.lang.Associative (manifold.deferred.Deferred is in unnamed module of loader clojure.lang.DynamicClassLoader @237563b0; clojure.lang.Associative is in unnamed module of loader 'app')
RT.java:823 clojure.lang.RT.assoc
core.clj:191 clojure.core/assoc
core.clj:6169 clojure.core/assoc-in
core.clj:6161 clojure.core/assoc-in
response.clj:79 ring.util.response/header
response.clj:76 ring.util.response/header
response.clj:180 ring.util.response/content-type
response.clj:176 ring.util.response/content-type
content_type.clj:16 ring.middleware.content-type/content-type-response
Yes, you can override the middleware. If you print out the config
variable in the REPL, you can see all the middleware that is added by the web module.
Alternatively, you can write a wrapper around your handler that converts it from an Aleph-compatible handler to a Ring-compatible handler, then write another middleware that converts it back before it hits Aleph.
Ok, thanks, so I assume that this is the key that I want to override ?
:duct.handler/root
{:router {:key :duct/router},
:middleware
[{:key :duct.middleware.web/not-found}
{:key :duct.middleware.web/defaults}
{:key :duct.middleware.web/log-requests}
{:key :duct.middleware.web/log-errors}
{:key :duct.middleware.web/stacktrace}]}
Should I expect this to work ?
:duct.handler/root {:middleware []}
When added to my base profile ? Thanks for your help.