-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF Protection Error when loading script #5
Comments
Hi, thank you for flagging and for volunteering a fix! |
This should be fixed now. |
@tompave we're seeing this now:
# mix.exs
{:fun_with_flags, "~> 1.5.1"},
{:fun_with_flags_ui, "~> 0.7.2"},
{:phoenix, "~> 1.5.4", override: true},
{:phoenix_ecto, "~> 4.1.0"},
{:phoenix_html, "~> 2.14.2"},
{:phoenix_live_dashboard, "~> 0.2.7"},
{:phoenix_live_reload, "~> 1.2.4", only: :dev},
{:phoenix_live_view, "~> 0.14.3"},
{:plug_cowboy, "~> 2.3.0"},
# mix.lock
"plug": {:hex, :plug, "1.10.3", :...}, # router.ex
scope path: "/feature-flags" do
pipe_through [:browser, :ensure_admin]
forward "/", FunWithFlags.UI.Router, namespace: "feature-flags"
end |
Hi @garthk, thanks for opening the issue, but that description doesn't provide enough info. Also, this issue is quite old, it's closed, and the original problem was resolved. Can you please open a new issue and clearly describe what the problem is? What request is causing the error? Is it a page load request? An asset request? Was it working before and then it stopped? What changed? Thanks |
@garthk I'm going to take a guess at this one. It looks like you're piping through |
I'm now seeing a CSRF error when the details page tries to load the
details.js
script:When this JS file does not load, there are no longer any confirmation boxes showing up.
I think we need to either ignore CSRF Protection on this route or add the token when loading up the script.
I introduced this error with PR #4 and I'll look at putting in a fix as soon as I can.
The text was updated successfully, but these errors were encountered: