Unexpected InvalidCSRFTokenError when submitted via AJAX with CSRF token in header #1902
Comments
Can you please provide a simple app that reproduces the error? It would On Monday, September 5, 2016, Imran Ismail notifications@github.com wrote:
José Valim
Sure, just stripped some stuff. Here's the app
I don't know if you're still having this problem, but I looked into it. Apparently, the problem is that To fix it, you need to give the

```js
function submittedRemotely ({target}) {
  const request = new window.Request(target.getAttribute('href'), {
    method: target.getAttribute('data-method'),
    headers: new window.Headers({'x-csrf-token': window.csrfToken}),
    credentials: 'same-origin'
  })
  window.fetch(request)
}
```
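Why the header alone is rejected, as an added example (not code from this issue or from Plug): a toy session-bound token check in Node.js in which the same `x-csrf-token` header fails when the session cookie is not sent and passes with `credentials: 'same-origin'`. The names `renderPage`, `handleDelete` and `browserFetch` are hypothetical, and the check is a simplification of what a CSRF plug does.

```javascript
// Added illustration: a toy model, not Plug.CSRFProtection's real code.
const nodeCrypto = require('crypto')

const sessions = new Map() // session id -> CSRF token issued for that session

// Page render: create a session and the token embedded in the page.
function renderPage () {
  const sid = nodeCrypto.randomBytes(16).toString('hex')
  const token = nodeCrypto.randomBytes(18).toString('base64')
  sessions.set(sid, token)
  return { cookie: sid, csrfToken: token }
}

// Constant-time comparison; unequal lengths fail before comparing.
function sameToken (a, b) {
  const x = Buffer.from(String(a))
  const y = Buffer.from(String(b))
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y)
}

// Server: the header token only means something relative to the caller's session.
function handleDelete ({ cookie, headers }) {
  const expected = sessions.get(cookie) // undefined when no cookie arrives
  const sent = headers['x-csrf-token']
  if (!expected || !sent || !sameToken(sent, expected)) {
    return { status: 403, error: 'InvalidCSRFTokenError' }
  }
  return { status: 200 }
}

// Browser model: the cookie is attached only for credentialed modes.
function browserFetch (jar, { headers, credentials }) {
  const cookie = credentials === 'omit' ? undefined : jar.cookie
  return handleDelete({ cookie, headers })
}

// Same valid header token, three requests (all values constructed).
function demo () {
  const page = renderPage()
  const headers = { 'x-csrf-token': page.csrfToken }
  return {
    omit: browserFetch(page, { headers, credentials: 'omit' }),
    sameOrigin: browserFetch(page, { headers, credentials: 'same-origin' }),
    wrongToken: browserFetch(page, { headers: { 'x-csrf-token': 'AAAA' }, credentials: 'same-origin' })
  }
}
```

When debugging this class of error, check the failing request for a `Cookie` header in the browser's network panel before suspecting the token value itself.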
Thank you @sideburnsandtie! ❤️ I am closing this unless @imranismail has more information.
Environment
Expected behavior
Set CSRF Token in
app.html.slim
Set a remote link in
projects/index.html.slim
Register events in
app.js
Click delete link, should not redirect and should delete resource with a status of 200
Actual behavior
Plug.CSRFProtection.InvalidCSRFTokenError at DELETE /projects/8
invalid CSRF (Cross Site Request Forgery) token, make sure all requests include a valid '_csrf_token' param or 'x-csrf-token' header
Params
Request info
http://localhost:4000/projects/8
Headers
*/*
gzip, deflate, sdch
en-US,en;q=0.8,ms;q=0.6,zh-CN;q=0.4,zh;q=0.2,ar;q=0.2
keep-alive
localhost:4000
http://localhost:4000
http://localhost:4000/projects
Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.76 Mobile Safari/537.36
XwE1PAYuMgQVQyoUSjYhQRV6MhwmAAAA4jmrGdjPA7cp/AM7Y7ARew==