Hey Tim, sorry for not responding earlier - didn't notice your post till
now (not often on the group).
Glad you found a solution (thanks Dan, Bob!).
Just to clarify one thing though - a CSRF middleware is definitely
recommended, but shouldn't be _necessary_. If Sente detects that no CSRF
token is present in the Ring request during handshake, it'll print a
warning to the JS console - but it should still continue to function
normally after that.
It sounds to me like the issue you were having was with the default
`chsk-url-fn`. A misconfigured CSRF middleware would result in a 403 error
(forbidden), not a 404 error (not found).
The change you made for Austin looks good, but you will need to make an
allowance for cases where the `websocket?` argument is false (i.e. for Ajax
connections). You can see the `default-chsk-url-fn` as an example:
(def default-chsk-url-fn
"`window-location` keys:
:href ; \"http://www.example.org:80/foo/bar?q=baz#bang\";
:protocol ; \"http:\" ; Note the :
:hostname ; \"example.org\"
:host ; \"example.org:80\"
:pathname ; \"/foo/bar\"
:search ; \"?q=baz\"
:hash ; \"#bang\""
(fn [path {:as window-location :keys [protocol host pathname]} websocket?]
(str (if-not websocket? protocol (if (= protocol "https:") "wss:"
"ws:"))
"//" host (or path pathname))))
I've also amended the relevant docstrings to hopefully make all this
clearer for folks in future. Feel free to ping me here or on GitHub if I
was unclear somewhere or if you've got any follow-up questions.
Cheers! :-)
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
