Fork me on GitHub
#re-frame
<
2021-08-12
>
wegi12:08:12

Does anybody have an example where ring-anti-forgery is used with a re-frame app?

eins7815:08:13

we use our own lib for CSRF, but the usage would be similar https://github.com/leihs/leihs-borrow/blob/8330d7171b3aac3b38e49d4840bae6440f126745/src/client/leihs/borrow/components.cljs#L84-L85 looking at https://ring-clojure.github.io/ring-anti-forgery/ring.util.anti-forgery.html, it seems to be as simple as

[:form {:action "/sign-out" :method "POST"}
  [anti-forgery-field]
  [:button {:type "submit"} "sign out"]]

👍 3
eins7815:08:14

for AJAX, there does not seems to a helper included, but you just need to include a header to whatever you use to make requests: (def headers {"X-CSRF-Token" (force *anti-forgery-token*)) in our case: https://github.com/leihs/leihs-borrow/blob/9b6fdb61181c376ba4a103e7214907bcfccff7da/src/client/leihs/borrow/lib/re_graph.cljs#L8

wegi16:08:13

Thank you, I’ll take a look at the repos 🙂