-
-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: how to deal with CSRF token expiry/invalidation? #270
Comments
Of course the solution is to extract a partial and inside the CSRF failed view, return the partial (not the whole layout) if |
You could also use OOB to inject a banner or whatever Would you like to add a section to the tips docs? |
I’d be glad to give a little back. under which section this would go though? CSRF invalidation seems a bit too specific..my solution above is already covered by your “partials” examples. Are you talking specifically about OOB updates? |
I'd suggest a new section called “CSRF invalidation” in the “tips” section. We could try to cover a custom CSRF failure view with a
What do you think? |
That's a good idea. I'll do my best to get to this by the weekend. |
Won’t have time for this in the next two weeks unfortunately. But it’s on my TODO right after that. |
Python Version
No response
Django Version
No response
Package Version
No response
Description
This is more a question more than anything, maybe it’s worth opening a Discussions tab here?
Scenario:
Logged in. Two tabs open. One has the form on it. On the second, user logs out, and the link back in. Tab 1’s CSRF token is now invalid. Now user goes to tab 1 and submits the form.
How do I handle this with HTMX? Right now I’m returning the form and replacing it with
hx-swap
, but when the above scenario occurs - the form gets swapped with the whole layout and the CSRF error view that handles this scenario.So given that the form view is not eve called and it's not another “form invalid” kind of error, what’s the most HTMXy way to handle this?
The text was updated successfully, but these errors were encountered: