Speaking of CSRF, I have a slightly different setup from the Sente examples where I use sente for all my communication after the initial load, whereas the Sente examples use normal HTTP to perform logins and only use Sente after login. This way the login request can set the client-id and CSRF token. In my setup I can't do this because I do all requests over Sente (and my html/js files are served by a static web server, so I can't set it from those requests either).
What I do to get around this is have a <script src="/init"> before my clojurescript js and the /init route sets up the client-id token and returns "var csrf_token = ...". Then on the client I can pass the token to sente as js/csrf_token. I left this out in my previous mail because I thought it wasn't relevant and wanted to keep the code simple, but I guess it might be useful after all if you are doing something similar to what I'm doing. Btw, as far as I can remember, sente has an option to turn CSRF off - at least, I've used it without CSRF. Obviously you should only do that during development :) On 26 July 2014 12:50, Bob Hutchison <hutch-li...@recursive.ca> wrote: > > Hi Tim, > > I think I went through this when I was first starting with Sente. You need > to setup the CSRF handling part, in the example code by including > ring-anti-forgery/wrap-anti-forgery in your routes. *AND* you have to make > sure that you are using one of those routes before you try to use Sente’s > connection stuff, otherwise your session won’t have certain critical > attributes set (e.g. __anti-forgery-token). I think the 404s are from the > anti-forgery stuff rejecting your request. And I think Sente is assuming > it’s setup. This was a while ago so maybe I’m not remembering it quite > right. > > Cheers, > Bob > > On Jul 26, 2014, at 12:33 AM, Timothy Washington <twash...@gmail.com> > wrote: > > Hi all, > > I'm using [com.taoensso/sente "0.15.1" > <https://github.com/ptaoussanis/sente>], and having trouble connecting > the client to the server. I'm sure it's something simple, but not obvious, > as this is taken directly from the examples on sente's github page. Anyone > seen and fixed the error in fig.1? The clojurescript and clojure code are > in fig 2 and 3 respectively. > > > WebSocket connection to 'ws://172.28.128.5:58269/chsk' failed: Error > during WebSocket handshake: Unexpected response code: 404 > WebSocket error: [object Event] VM1707:1689 > Chsk is closed: will try reconnect (8). VM1707:1689 > > fig.1 - Chrome network error message > > (ns my.ns > (:require-macros > [cljs.core.match.macros :refer (match)] ; Optional, useful > [cljs.core.async.macros :as asyncm :refer (go go-loop)]) > (:require > ;;[clojure.browser.repl :as repl] > [cljs.core.match] ; Optional, useful > [cljs.core.async :as async :refer (<! >! put! chan)] > [taoensso.sente :as sente :refer (cb-success?)])) > > > (let [{:keys [chsk ch-recv send-fn state]} > (sente/make-channel-socket! "/chsk" {:type :auto})] > > (def chsk chsk) > (def ch-chsk ch-recv) > (def chsk-send! send-fn) > (def chsk-state state)) > > (defn one [] > (chsk-send! [:some/request-id {:name "Rich Hickey" :type "Awesome"}])) > > > *fig.2 - my.cljs * > > > (ns my.http.ns > (:require [compojure.core :refer :all] > ... > > ;; Sente stuff > [clojure.core.match :as match :refer (match)] ; Optional, > useful > [clojure.core.async :as async :refer (<! <!! >! >!! put! chan > go go-loop)] > [taoensso.sente :as sente])) > > > (let [{:keys [ch-recv send-fn ajax-post-fn ajax-get-or-ws-handshake-fn]} > (sente/make-channel-socket! {})] > > (def ring-ajax-post ajax-post-fn) > (def ring-ajax-get-or-ws-handshake ajax-get-or-ws-handshake-fn) > (def ch-chsk ch-recv) > (def chsk-send! send-fn)) > > ... > > (defn create-approutes [project-config browserrepl] > > (defroutes app-routes > > ;; Sente stuff > (GET "/chsk" req (ring-ajax-get-or-ws-handshake req)) ; tried both > ring-ajax-get-or-ws-handshake and *#'*ring-ajax-get-or-ws-handshake > (POST "/chsk" req (ring-ajax-post req)) ; same > here for trying both > > > (GET "/" [] > (-> (ring-resp/response (with-browser-repl "index.html" > browserrepl)) > (ring-resp/content-type "text/html"))) > > (route/resources "/" {:root "resources/public/"}) > (route/not-found "Not Found"))) > > *fig.3 - my.clj * > > > Tim Washington > Interruptsoftware.com <http://interruptsoftware.com/> > > > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to clojure+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to clojure+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
