在 luminus 中调用 clojure 函数时出现防伪令牌错误
anti forgery token error when calling a clojure function in luminus
我正在使用 luiminus 学习 clojure,我正在尝试按照示例解析参数。通过使用 curl,我发送要打印的用户名和密码,在以下路由中调用 foo。但是,我收到“无效的防伪令牌错误”。我一直在寻找解决方案,但找不到任何解决方案。请注意,我也在使用 wrap 中间件行。
有什么建议吗?
curl --header "Content-Type: application/json" --request POST --data '{"username":"xyz","password":"xyz"}' 'localhost:3000/foo/bar?foo=bar'
home.clj:
(ns wkom.routes.home
(:require
[wkom.layout :as layout]
[wkom.db.core :as db]
[clojure.java.io :as io]
[wkom.middleware :as middleware]
[ring.util.response]
[ring.util.http-response :as response]))
(defn home-page [request]
(layout/render request "home.html" {:docs (-> "docs/docs.md" io/resource slurp)}))
(defn about-page [request]
(layout/render request "about.html"))
(defn bootstrap [request]
(layout/render request "bootstrap.html"))
(defn form [request]
(layout/render request "form.html"))
(defn foo2 [{:keys [path-params query-params body-params]}]
(print "from foo2\n")
{:status 200 :body (str "path params: " path-params "\nquery params: " query-params "\nbody params: " body-params)})
(defn home-routes []
[ ""
{:middleware [middleware/wrap-csrf
middleware/wrap-formats]}
["/foo/:bar" {:post (fn [{:keys [path-params query-params body-params]}]
{:status 200 :body (str "path params: " path-params
"\nquery params: " query-params
"\nbody params: " body-params)})}]
["/" {:get home-page}]
["/about" {:get about-page}]
["/bootstrap" {:get bootstrap}]
["/form" {:get form
:post foo2}]
["/foo2/:bar" {:post foo2}]])
所以解决方案就是注释掉
middleware/wrap-csrf
默认项目的 home.html 设置了令牌,可以从 cljs 作为 js/csrfToken 访问。它应该作为 :x-csrf-token.
包含在 post 请求中
除非使用其他防伪方法,否则不建议注释掉中间件。
我正在使用 luiminus 学习 clojure,我正在尝试按照示例解析参数。通过使用 curl,我发送要打印的用户名和密码,在以下路由中调用 foo。但是,我收到“无效的防伪令牌错误”。我一直在寻找解决方案,但找不到任何解决方案。请注意,我也在使用 wrap 中间件行。 有什么建议吗?
curl --header "Content-Type: application/json" --request POST --data '{"username":"xyz","password":"xyz"}' 'localhost:3000/foo/bar?foo=bar'
home.clj:
(ns wkom.routes.home
(:require
[wkom.layout :as layout]
[wkom.db.core :as db]
[clojure.java.io :as io]
[wkom.middleware :as middleware]
[ring.util.response]
[ring.util.http-response :as response]))
(defn home-page [request]
(layout/render request "home.html" {:docs (-> "docs/docs.md" io/resource slurp)}))
(defn about-page [request]
(layout/render request "about.html"))
(defn bootstrap [request]
(layout/render request "bootstrap.html"))
(defn form [request]
(layout/render request "form.html"))
(defn foo2 [{:keys [path-params query-params body-params]}]
(print "from foo2\n")
{:status 200 :body (str "path params: " path-params "\nquery params: " query-params "\nbody params: " body-params)})
(defn home-routes []
[ ""
{:middleware [middleware/wrap-csrf
middleware/wrap-formats]}
["/foo/:bar" {:post (fn [{:keys [path-params query-params body-params]}]
{:status 200 :body (str "path params: " path-params
"\nquery params: " query-params
"\nbody params: " body-params)})}]
["/" {:get home-page}]
["/about" {:get about-page}]
["/bootstrap" {:get bootstrap}]
["/form" {:get form
:post foo2}]
["/foo2/:bar" {:post foo2}]])
所以解决方案就是注释掉
middleware/wrap-csrf
默认项目的 home.html 设置了令牌,可以从 cljs 作为 js/csrfToken 访问。它应该作为 :x-csrf-token.
除非使用其他防伪方法,否则不建议注释掉中间件。