clojure - When is the ring anti-forgery token inserted? -


i'm trying understand when ring anti-forgery token generated or inserted in html page. i'm using compojure / ring / hiccup take question ring. don't have problem per se: want know when , how anti-forgery token "injected".

the anti-forgery-field function ring.util.anti-forgery implemented this:

(html (hidden-field "__anti-forgery-token" *anti-forgery-token*)

if call function @ repl get:

repl>  (println (anti-forgery-field)) <input id="__anti-forgery-token" name="__anti-forgery-token" type="hidden" value="unbound: #&apos;ring.middleware.anti-forgery/*anti-forgery-token*" />

still @ repl, if try var same "unbound" variable:

> ring.middleware.anti-forgery/*anti-forgery-token* => #object[clojure.lang.var$unbound 0x1eae055 "unbound: #'ring.middleware.anti-forgery/*anti-forgery-token*"]

what don't understand "unbound" value nor when transformed (by ring?) actual token delivered. , don't understand how several users connecting website get, each, different token (per session).

is variable "unbound"? when/how become "bound" (if does?)?

also, if i've got ring session id (say "ring-session=310678be-9ef6-41a7-a12a-b2417de4a79f"), how can see, @ clojure repl (on server side), corresponding anti-forgery token's value?

it bound in context (dynamic environment, current stack, if will) of individual request. think of thread-local variable/binding. not in context of request while looking @ application state repl.

it must way, because has different value each user. you'd simulate similar behaviour through explicit lookup call, if working in environment not allow kind of control of dynamic environment.

the binding right session value established in middleware during request, here:

https://github.com/weavejester/ring-anti-forgery/blob/master/src/ring/middleware/anti_forgery.clj#l67

(binding [*anti-forgery-token* (session-token request)]   ;; ...   )

Comments

Post a Comment

Popular posts from this blog

How to understand 2 main() functions after using uftrace to profile the C++ program? -

i trying uftrace profile following simple c++ program: #include <iostream> class { public: a() {std::cout << "a created" << std::endl;} ~a() {std::cout << "a destroyed" << std::endl;} }; int main() { a; return 0; } the profile result this: # uftrace a.out created destroyed # duration tid function 2.026 [ 4828] | __cxa_atexit(); [ 4828] | main() { [ 4828] | __static_initialization_and_destruction_0() { 89.397 [ 4828] | std::ios_base::init::init(); 0.768 [ 4828] | __cxa_atexit(); 93.029 [ 4828] | } /* __static_initialization_and_destruction_0 */ 94.425 [ 4828] | } /* main */ [ 4828] | main() { [ 4828] | a::a() { 11.104 [ 4828] | std::operator <<(); 10.825 [ 4828] | std::basic_ostream::operator <<(); 24.514 [ 4828] | } /* a::a */ [ 4828] | a::~a() { 0.978 [ 4828] | ...
Read more

c# - Update a combobox from a presenter (MVP) -

i using mvp in project, new in mvp. have 2 comboboxes. when select option in combobox, combobox should filled new data. this action in presenter. view 'view1' in presenter, , introduced combobox1 , combobox2 properties in 'view1', because need 'datasource', 'displaymember', 'valuemember' , 'refresh()' in method below. but, when using pattern, enough send property like public string combobox2 { { return combobox1.selectedvalue.tosstring(); } } into presenter not whole combobox. how can solve problem? public void onselectedindexchangedcombobox1() { if (view1.combobox1.selectedindex == -1) { return; } datatable dt = tools.getdatatable("a path"); var query = (from o in dt.asenumerable() o.field<string>("afield") == farmerview.combobox1.selectedvalue.tostring() orderby o.field<string>("anotherfield") select...
Read more

How to put a lock and transaction on table using spring 4 or above using jdbcTemplate and annotations like @Transactional? -

i trying put lock on table while writing on table , if happened in between roll-back . trying convert below code lock table test_g1 read; lock table test_g write; -- begin; start transaction; insert test_g1 values(143); insert test_g values(145); select * test_g1; select * test_g; rollback; select * test_g; unlock tables; how convert above code @transactional spring jdbctemplate code? @transactional(rollbackfor={dataaccessexception.class}) public void test(){ jdbctemplate.execute("insert test1 (id, nam) values (4, 'a')"); throw new dataaccessexception("error") { }; } here trying throw error, insert statement should rollback it's not happening . thanks edit-1 attaching code , doing in jdbcdaoimpl.java , mentioned problem comment above test() . app.java package com.cgiri.javabrains.spring4; import org.springframework.beans.factory.annotation.autowired; import org.springframework.context.applic...
Read more