This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-08-19
Hi all, I'm using the template and I'm striking a problem that when my login function writes to the session using augment-response, it causes the next request to fail the CSRF test.
My call to augment looks like this:
(fmw/augment-response
  result
  (fn [resp]
    (log/debug resp)
    (log/spy :debug (clojure.core/update resp :session merge result))))
- {}
- (clojure.core/update resp :session merge result) => {:session {:k/id 1, :k/name "hhh", :k/valid? true}}
I can read that update on the :session key in the response, but the immediate next request doesn't get out of wrap-defaults.
The failing request does include the same ring-session value in the cookie, and has an unchanged x-csrf-token.
Any hints? thanks!
Oh, it looks like I need to carry the session including anti-forgery-token across from the request in my mutation?
This seems like a problem when there are multiple augmentations, and they each merge the original request session, undoing the effect of prior augments?
The patch might be for handle-api-request to take an option with the starting map, merge with {:status 200 ...}, so you could inject the request's session.
Ok, it just depends on the order you merge the maps, except when one augment removes a key, and the next refreshes it from the request.
Thanks @U0CKQ19AQ - bug is too strong a word. The docs in s11.4.4 don't mention this side effect and I didn't come to understand it until I logged quite a bit and looked more carefully at the template. Would you like a patch for the docs or handle-api-request idea to consider?
A patch for the docs is fine if you have some ideas or extra examples you'd like to give. Not sure what you mean by the handle-api-request idea, but shoot
@U0CKQ19AQ pull requests submitted..
Is there a reason this isn't wrapped in a vector? https://github.com/fulcrologic/fulcro/blob/174f5ad36373eba5385fb1e3e9f85b1943547c0b/src/main/com/fulcrologic/fulcro/algorithms/tx_processing.cljc#L18
@U0CKQ19AQ just two lines above is the same namespace, but this time wrapped in a vector. Is there some reason for the duplication? Maybe just a minor harmless bug?