This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
- # admin-announcements (24)
- # beginners (80)
- # cider (18)
- # cljs-dev (12)
- # clojure (94)
- # clojure-berlin (15)
- # clojure-dev (10)
- # clojure-gamedev (3)
- # clojure-italy (38)
- # clojure-japan (4)
- # clojure-russia (109)
- # clojure-sg (1)
- # clojurescript (161)
- # code-reviews (29)
- # core-async (17)
- # datomic (20)
- # editors (14)
- # instaparse (17)
- # ldnclj (9)
- # off-topic (9)
- # om (2)
- # onyx (2)
- # re-frame (11)
- # reagent (46)
looking for a way to call update on a parent component when a child component updates. any ideas?
Maybe you could have whatever is updating the child get passed thru the parent to the child
@wei: you can do a callback, but to be honest, I've never needed one in Reagent, whereas in Om I've used plenty
I am converting my Luminus generated web app from secretary to silk, and as I follow ks-front-routing-example I notice it uses an atom to store the current route (https://github.com/metosin/ks-front-routing-example/blob/master/src/clj/ks_front_routing/ui/routing.cljs#L10) while Luminus uses the session (https://github.com/luminus-framework/luminus-template/blob/master/src/leiningen/new/luminus/cljs/src/cljs/core.cljs#L53). What are the implications of one vs the other?
@borkdude: I ended up not using a callback. found a pure CSS way to achieve what I wanted to do (hide/show animations)
I expect I will also need to sort out the interaction with the csrf wrapping luminus does.
in some other project I made a /csrf end point which I call first, before doing any other posts
@curtosis: don't know if that's the best way, but it worked in my case. Another way is sending a cookie with the .html page
@curtosis: I was told that calling a /csrf end point largely obviates the point of having it. In the end I used Enlive to get the token from the ring-session and put it on the page. Then I used dommy to select it on the client-side, and included it in the POST request headers. May not be the best way to do it, though.
interesting.... I'll have to look into that. I think last time I poked at it I was having a hard time getting the token in the page headers in the first place. Probably just something stupid on my part.
Maybe, but if so, that goes for me too. I was unable to find anything helpful about getting the token from Clojure to ClojureScript - a lot of people assume you'll just serve the token with your form, but that assumption doesn't hold if all your html is client-side.
Yeah, I'm not using a classical server-side form either. But I guess the server-side could just stick
*anti-forgery-token* somewhere in the page...
it seems like a simple thing, but it sort of makes sense that cljs doesn't have access to the headers of the page it's loaded from.
actually, I bet you could just use a
<form> with only the
wrap-csrf hidden field tag in it.
I haven't extensively tested throwing it in the
meta tag, although I think I did try that. I'm curious to see if you figure out a way with
<form> suitable for cljs.
true.... though it's arguable whether an ajax call is accessing a web service or not. 😉
Agreed! I'm not clear on which category we should put a client-side web form that uses another function to make an ajax call.
But I figured the browser part meant there was some vulnerability which CSRF could help with...just me spitballing...
I think the issue is primarily some other site triggering a request to your site in the browser, which would include any cookies or privileges you already have, but to do things behind your back. So it's really a question of whether the service depends on browser session for authentication. Again, I think. I quit doing security work for a reason.
Ooh, good point. So, does an ajax call depend on the browser session? Inquiring minds want to know... 😉
I transferred a
jar from my Mac to an Ubuntu. On one page, I used
if to display one div or another, based on a boolean (it's a Reagent SPA). This doesn't work on the Ubuntu, with the same jar, and Java 8 installed. Everything else works though. My google-fu reveals nothing helpful. Is there some Ubuntu ClojureScript gotcha I should be aware of?
I believe (but have not tested) that XHR requests include any cookies a normal browser request would include.