Support updating the antiforgery token when a boost occurs #16
Conversation
… problematic if a token has been used previously. Note: This updates to HTMX 1.9.5 (latest as of this commit).
|
👋 @AlexZeitler @juchom Could I get a quick review for this PR? This uses HTMX 1.9.2 to check if a request is boosted. That said, the JS should be written in a way that is a no-op for previous versions. |
|
I've made some quick tests, and it works well. Thanks for this quick fix. |
|
I'm not sure I had to replace the meta tag in the DOM, since htmx will use the entity in memory, but I did for the sanity of devs looking at the HTML markup. We could revisit this, but this approach is decent for now. Waiting for feedback on the PR, but will try and get this out sooner than later. |
|
@khalidabuhakmeh Sorry, I won't be able to review it before Friday in a way to give reasonable feedback. |
|
@AlexZeitler no worries, I believe @juchom can still use the JavaScript here to work around his issue. There's no rush. I just like a second set of eyes on this since folks are actually using it. 😱 |
|
@AlexZeitler, @khalidabuhakmeh thanks a lot, it will be done, when it's done ! This is very nice from you to fix it that fast 👍 |
|
👋 Hey folks, I've added a new endpoint for the anti-forgery script, which allows for referencing the script in a I still left the old approach but left a message about the newer approach. As a bonus 🎁: If you use this approach, you won't have to worry about registering event handlers multiple times on boost, since the script will only be loaded once per page. I left the JavaScript checks in place to account for the old way, but they are unnecessary using the endpoint approach. |
|
LGTM |
|
It's going in boys and girls! |
It can be problematic if a token has been used previously.
Note: This updates to HTMX 1.9.2 (the latest as of this commit). #15