Invalid anti-forgery token


Problem description

I'm getting an "Invalid anti-forgery token" when I try using the POST method in a Clojure Webapp project I created using the Compojure template.

I researched, and Ring middleware creates CSRF (cross site request forms) tokens to authenticated requests coming from other sites (to use someone else's credentials who has already logged in and access pages not allowed to access).

These tokens are default, and we need to use ring.middleware's wrap-params around our WebApp. Couldn't get anywhere much. Please HELP!! How to get rid of Invalid anti-forgery token.

My handler.clj file is:

(ns jsonparser-webapp.handler
   (:require [compojure.core :refer :all]
        [compojure.route :as route]
        [jsonparser-webapp.views :as views])
   (:use [ring.middleware.params :only [wrap-params]]))

(defroutes app-routes
  (GET "/" 
    [] 
    (views/home-page))
  (GET "/goto" 
    [] 
    (views/goto))
  (POST "/posted"
     {params :params} 
     (views/posted params))
  (route/not-found "Not Found"))

(def app
    (wrap-params app-routes site-defaults))

My views.clj file is:

(ns jsonparser-webapp.views
   (:require [hiccup.page :as hic-p]
             [hiccup.form :as hf]))

(defn gen-page-head
  [title]
  [:head
     [:title title]])

(defn home-page
  []
  (hic-p/html5
      (gen-page-head "Json Parser Home.")
      [:h1 "Welcome."]
      [:p "Json Web App."]
      [:a {:href "http://localhost:3000/goto"} "Goto"]
      [:p (hf/form {:action "/posted" :method "POST"} 
             (hf/text-field "TextInput")    
             (hf/submit-button "Submit"))]))

(defn goto
  []
  (hic-p/html5
      (gen-page-head "Goto Page.")
      [:h1 "Hi."]
      [:p "Go where?"]))

(defn posted
   [{:keys [x]}]
   (hic-p/html5
      (gen-page-head "Posted.")
      [:h1 "You posted."]
      [:p x]))

Project created using the Compojure template of Clojure in Eclipse CounterClockwise.

Recommended answer

You have to add (anti-forgery-field) to your form, so that the anti-forgery token is injected into the POST params.

Like this:

(ns jsonparser-webapp.views
  (:require [hiccup.page :as hic-p]
            [ring.util.anti-forgery :refer [anti-forgery-field]] ; added
            [hiccup.form :as hf]))

(defn gen-page-head
  [title]
  [:head
   [:title title]])

(defn home-page
  []
  (hic-p/html5
    (gen-page-head "Json Parser Home.")
    [:h1 "Welcome."]
    [:p "Json Web App."]
    [:a {:href "http://localhost:3000/goto"} "Goto"]
    [:p (hf/form {:action "/posted" :method "POST"} 
         (hf/text-field "TextInput")    
         (anti-forgery-field) ; added
         (hf/submit-button "Submit"))]))
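
The check that the hidden field satisfies can be exercised end to end. The following is an added example, not code from the original question or answer: it wraps a small app in wrap-defaults with site-defaults (which enables wrap-anti-forgery) and sends the same POST without a token, with the form field that anti-forgery-field renders, and with the X-CSRF-Token header. The namespace csrf-demo.core, the /token helper route and the use of ring-mock to build requests are assumptions made for the demonstration.

```clojure
(ns csrf-demo.core
  (:require [clojure.string :as str]
            [compojure.core :refer [defroutes GET POST]]
            [ring.middleware.anti-forgery :refer [*anti-forgery-token*]]
            [ring.middleware.defaults :refer [wrap-defaults site-defaults]]
            [ring.mock.request :as mock]))

(defroutes app-routes
  ;; Hypothetical helper route: returns the session's token as the body so
  ;; the demo can read it back. A real page embeds it via (anti-forgery-field).
  (GET "/token" [] (force *anti-forgery-token*))
  (POST "/posted" [TextInput] (str "You posted: " TextInput)))

;; site-defaults turns on params, sessions and wrap-anti-forgery together.
(def app (wrap-defaults app-routes site-defaults))

(defn session-cookie
  "Extracts the name=value part of the first Set-Cookie header."
  [response]
  (-> (get-in response [:headers "Set-Cookie"])
      first
      (str/split #";")
      first))

(defn post-status
  "Sends a form POST in the given session; extra-headers is a map of
  header name to value. Returns the HTTP status."
  [cookie params extra-headers]
  (let [req (reduce-kv mock/header
                       (-> (mock/request :post "/posted" params)
                           (mock/header "cookie" cookie))
                       extra-headers)]
    (:status (app req))))

(defn demo
  "Returns the status of the same POST sent three ways in one session."
  []
  (let [resp   (app (mock/request :get "/token"))
        cookie (session-cookie resp)
        token  (:body resp)
        form   {"TextInput" "hi"}]
    {:without-token (post-status cookie form {})
     ;; "__anti-forgery-token" is the field name anti-forgery-field renders.
     :with-field    (post-status cookie (assoc form "__anti-forgery-token" token) {})
     ;; Script clients can send the token in a header instead of the body.
     :with-header   (post-status cookie form {"x-csrf-token" token})}))
```

Calling (demo) at a REPL shows that only the request carrying no token is answered with the "Invalid anti-forgery token" response; the token is tied to the session, so it must be sent together with the session cookie that was issued with it.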
