looking for a way to call update on a parent component when a child component updates. any ideas?

Maybe you could have whatever is updating the child get passed thru the parent to the child

@gadfly361: i’m exploring a callback fn of sorts, thanks

Oh nice :)

@wei: you can do a callback, but to be honest, I've never needed one in Reagent, whereas in Om I've used plenty

@wei: but it all depends I guess

I am converting my Luminus generated web app from secretary to silk, and as I follow ks-front-routing-example I notice it uses an atom to store the current route (https://github.com/metosin/ks-front-routing-example/blob/master/src/clj/ks_front_routing/ui/routing.cljs#L10) while Luminus uses the session (https://github.com/luminus-framework/luminus-template/blob/master/src/leiningen/new/luminus/cljs/src/cljs/core.cljs#L53). What are the implications of one vs the other?

@borkdude: I ended up not using a callback. found a pure CSS way to achieve what I wanted to do (hide/show animations)

k

anyone have a good pointer to an example of wiring liberator to reagent components?

good example, not good pointer, I mean.

@curtosis: I have one here: https://github.com/borkdude/lein2boot

@curtosis: nothing special, just ajax calls

ahh, cool, thanks!

I expect I will also need to sort out the interaction with the csrf wrapping luminus does.

@curtosis: I solved that using a cookie

in that project? I'll poke around. 😁

no, not in that project

in some other project

csrf is only triggered with a post when you use something like ring-defaults

in some other project I made a /csrf end point which I call first, before doing any other posts

@curtosis: don't know if that's the best way, but it worked in my case. Another way is sending a cookie with the .html page

hmmm. ok. I do need to do a post (large data) so I may run into it.

but that's not really reagent-specific.

not really, but welcome to ask

@curtosis: I was told that calling a /csrf end point largely obviates the point of having it. In the end I used Enlive to get the token from the ring-session and put it on the page. Then I used dommy to select it on the client-side, and included it in the POST request headers. May not be the best way to do it, though.

interesting.... I'll have to look into that. I think last time I poked at it I was having a hard time getting the token in the page headers in the first place. Probably just something stupid on my part.

Maybe, but if so, that goes for me too. I was unable to find anything helpful about getting the token from Clojure to ClojureScript - a lot of people assume you'll just serve the token with your form, but that assumption doesn't hold if all your html is client-side.

@bostonou helped set me on the right track over email.

Yeah, I'm not using a classical server-side form either. But I guess the server-side could just stick *anti-forgery-token* somewhere in the page...

Here is what I did.

thanks!

it seems like a simple thing, but it sort of makes sense that cljs doesn't have access to the headers of the page it's loaded from.

actually, I bet you could just use a <form> with only the wrap-csrf hidden field tag in it.

I haven't extensively tested throwing it in the meta tag, although I think I did try that. I'm curious to see if you figure out a way with <form> suitable for cljs.

OTOH: https://github.com/ring-clojure/ring-anti-forgery#caveats

"This middleware should not be applied to handlers that define web services."

But it should be used with browsers.

true.... though it's arguable whether an ajax call is accessing a web service or not. 😉

Agreed! I'm not clear on which category we should put a client-side web form that uses another function to make an ajax call.

But I figured the browser part meant there was some vulnerability which CSRF could help with...just me spitballing...

I think the issue is primarily some other site triggering a request to your site in the browser, which would include any cookies or privileges you already have, but to do things behind your back. So it's really a question of whether the service depends on browser session for authentication. Again, I think. I quit doing security work for a reason.

Ooh, good point. So, does an ajax call depend on the browser session? Inquiring minds want to know... 😉

I transferred a jar from my Mac to an Ubuntu. On one page, I used if to display one div or another, based on a boolean (it's a Reagent SPA). This doesn't work on the Ubuntu, with the same jar, and Java 8 installed. Everything else works though. My google-fu reveals nothing helpful. Is there some Ubuntu ClojureScript gotcha I should be aware of?

I believe (but have not tested) that XHR requests include any cookies a normal browser request would include.

to the same origin, that is.