当我在使用Compojure模板创建的Clojure Webapp项目中尝试使用POST方法时,我收到了“无效的防伪令牌”。
我研究过,Ring Middle ware创建了CSRF(跨站点请求表单)令牌,用于来自其他站点的经过身份验证的请求(使用已登录的其他人的凭据并访问不允许访问的页面)。
这些令牌是默认的,我们需要在我们的WebApp周围使用ring.middleware的wrap-params。无法获得更多。请帮忙 !!如何摆脱无效的防伪令牌。
我的handler.clj文件是:
(ns jsonparser-webapp.handler
(:require [compojure.core :refer :all]
[compojure.route :as route]
[jsonparser-webapp.views :as views])
(:use [ring.middleware.params :only [wrap-params]])
(defroutes app-routes
(GET "/"
[]
(views/home-page))
(GET "/goto"
[]
(views/goto))
(POST "/posted"
{params :params}
(views/posted params))
(route/not-found "Not Found"))
(def app
(wrap-params app-routes site-defaults))
我的views.clj文件是
(ns jsonparser-webapp.views
(:require [hiccup.page :as hic-p]
[hiccup.form :as hf]))
(defn gen-page-head
[title]
[:head
[:title title]])
(defn home-page
[]
(hic-p/html5
(gen-page-head "Json Parser Home.")
[:h1 "Welcome."]
[:p "Json Web App."]
[:a {:href "http://localhost:3000/goto"} "Goto"]
[:p (hf/form {:action "/posted" :method "POST"}
(hf/text-field "TextInput")
(hf/submit-button "Submit"))]))
(defn goto
[]
(hic-p/html5
(gen-page-head "Goto Page.")
[:h1 "Hi."]
[:p "Go where?"]))
(defn posted
[{:keys [x]}]
(hic-p/html5
(gen-page-head "Posted.")
[:h1 "You posted."]
[:p x]))
在Eclipse CounterClockwise中使用Clojure的Compojure模板创建的项目。
答案 0 :(得分:4)
您必须在表单中添加(anti-forgery-field)
,以便将防伪令牌注入POST参数。
像这样:
(ns jsonparser-webapp.views
(:require [hiccup.page :as hic-p]
> [ring.util.anti-forgery :refer [anti-forgery-field]]
[hiccup.form :as hf]))
(defn gen-page-head
[title]
[:head
[:title title]])
(defn home-page
[]
(hic-p/html5
(gen-page-head "Json Parser Home.")
[:h1 "Welcome."]
[:p "Json Web App."]
[:a {:href "http://localhost:3000/goto"} "Goto"]
[:p (hf/form {:action "/posted" :method "POST"}
(hf/text-field "TextInput")
> (anti-forgery-field)
(hf/submit-button "Submit"))]))