Comments (11)
mblayman
commented on May 19, 2024
12
For readers as of 2021, I followed @rschroll's suggestion, but the event is renamed in the version that I'm using (1.1.0 at the time of this comment):
document.body.addEventListener('htmx:configRequest', (event) => {
event.detail.headers['X-CSRFToken'] = '{{ csrf_token }}';
})Thanks @rschroll!
from htmx.
srkunze
commented on May 19, 2024
4
@1cg would it make sense to add a sentence or two to the docs?
from htmx.
rschroll
commented on May 19, 2024
3
If you're not using form submissions, you can insert the CSRF token into all htmx requests with a bit of JS. Here's what I have in a Django template:
document.body.addEventListener('configRequest.htmx', (event) => {
event.detail.headers['X-CSRFToken'] = '{{ csrf_token }}';
})
from htmx.
srkunze
commented on May 19, 2024
2
@mblayman For Django, I just wanted to add, this code snippet should be placed at the end of body (at least it didn't work for me when placed in head after xhtm.js loading).
from htmx.
zachbellay
commented on May 19, 2024
1
For any future readers, I was running into a problem where I was using hx-delete and got Forbidden (CSRF token missing or incorrect.): even with @rschroll 's code snippet. It turns out I just needed to move it to the bottom of my base.html file after all other content. I am using Django 3.2, htmx 1.1.0.
from htmx.
1cg
commented on May 19, 2024
Hi There,
Huh, seems like it should "just work" with rails forms, unless we aren't including hidden inputs properly....
from htmx.
fdeage
commented on May 19, 2024
Thanks for your reply.
It's weird but this event is never triggered...
from htmx.
rschroll
commented on May 19, 2024
I'm afraid the best advice I can give is to enable logging (https://htmx.org/docs#events). This may help us see if the events are getting gobbled up by some other handler.
Maybe someone else has more insight.
from htmx.
1cg
commented on May 19, 2024
Hey fdeage, I have added another plugin that does something similar to what you want here:
That code should definitely work for what you are trying to do.
from htmx.
fdeage
commented on May 19, 2024
Thanks @chg20, I'll give it a try!
from htmx.
sasha-co
commented on May 19, 2024
For readers as of 2021, I followed @rschroll's suggestion, but the event is renamed in the version that I'm using (1.1.0 at the time of this comment):
document.body.addEventListener('htmx:configRequest', (event) => { event.detail.headers['X-CSRFToken'] = '{{ csrf_token }}'; })Thanks @rschroll!
It probably should be X-CSRF-Token instead of X-CSRFToken, but the idea is there and it works.
from htmx.
Related Issues (20)
- hx-vals with hx-post fails to create object in request HOT 3
- Provide an option to suppress `hx-indicator` HOT 6
- Assets in 1.9.12 release are not correct HOT 1
- [BUG] stale-while-revalidate causes revalidation of the wrong page HOT 1
- A way to reset/block hx-select and HX-Reselect. IMPROVEMENT
- (website) Images are not displayed in Atom feed
- Question about async encodeParameters in extension
- When using HX-Redirect, the htmx:afterRequest event's detail.successful and detail.failed fields are undefined
- Form doesn't reactivate again when receiving itself in Chrome HOT 3
- Behaviour when disconnected/unmounted from body
- HX-Location should respect Hx-Push-Url when false HOT 2
- htmx.ajax('DELETE') HOT 1
- Unable to understand why this works with html&js but not with htmx HOT 2
- Preserving Web Component state with `hx-preserve` on browser navigation HOT 1
- Adding attributes with loading-states extension
- hx-select conflict HOT 2
- [Question] Option to override xhr request with call to my SDK HOT 6
- [Question] 204 with hx-swap="delete" HOT 1
- hx-on is not working for custom events HOT 6
- hx-trigger from:<Extended CSS selector> breaks after target replaced
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from htmx.