Edouard
@inouire_twitter
The token doesn't make sense if you don't have any session, so that could be why it's working when you disable sessions.
You could use the form_for helper, or recreate the CSRF token yourself, or disable CSRF token verification as you already do.
Sebastjan Hribar
@sebastjan-hribar

@inouire_twitter True, in these cases there are no forms generated with the official helper and sessions are enabled for the app in question. We use 1 template to build a complex editor supporting multiple ajax calls to different interactors.
Here is one code example:

$.ajax({
    type: "POST",
    url: "/wordrocket/term_records",
    dataType: "json",
    // Form values are read from the editor inputs and nested under term_record
    data: {
        term_record: {
            source_term: $("#tmsr-wr-input-source-term").val(),
            target_term: $("#tmsr-wr-input-target-term").val(),
            src_language: $("#tmsr-wr-select-source-language").val(),
            trg_language: $("#tmsr-wr-select-target-language").val(),
            domain_id: $("#tmsr-wr-select-term-domain").val(),
            definition: $("#tmsr-wr-textarea-term-definition").val()
        }
    }
});

So, is disabling csrf token verification safe in such cases?
How would we recreate and pass the token? I've been searching online for hanami (a few mentions in gitter from the Lotus times) and non-hanami references, but I still don't know how to do this.

Edouard
@inouire_twitter
About disabling the CSRF check, it depends on your use case... is it sensible if a form is forged by malicious software? https://owasp.org/www-community/attacks/csrf
About recreating it, I'd guess that the logic is somewhere in https://github.com/hanami/helpers but I didn't find it yet
Sebastjan Hribar
@sebastjan-hribar

About recreating it, I'd guess that the logic is somewhere in https://github.com/hanami/helpers but I didn't find it yet

Yes, I've been looking there as well, but even if we were to use the form helper, I don't suppose we'd have access to the token itself.

Sebastjan Hribar
@sebastjan-hribar
This seems to be the way to go, I guess.
Sebastjan Hribar
@sebastjan-hribar
By simply adding <%= csrf_meta_tags %> in the app html head, the invalid csrf token error still occurs, even though the csrf tag and content are generated.
Sebastjan Hribar
@sebastjan-hribar
In addition to adding the above code to the app head, we have to pass it in the data:
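// Read the CSRF token from the meta tag rendered by csrf_meta_tags
var token = $('meta[name="csrf-token"]').attr('content');
$.ajax({
    type: "POST",
    url: "/wordrocket/term_records",
    dataType: "json",
    data: {
        _csrf_token: token,
        // ... term_record fields as in the earlier example
    }
});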
And it works :)
Edouard
@inouire_twitter
cool !
interesting feedback, thanks
Sebastjan Hribar
@sebastjan-hribar
And now that I've worked it out, it makes perfect sense, as usual. :)
Sebastjan Hribar
@sebastjan-hribar
I've made docs PRs for sessions and the above CSRF with UJS for future reference.
Edouard
@inouire_twitter
:thumbsup:
Kori Roys
@koriroys
Hey y'all. How would I go about setting a param programmatically if it's not set (before validating or coercing params)
Edouard
@inouire_twitter
based on what input would the params be set ?
Sebastjan Hribar
@sebastjan-hribar
This is just off the top of my head, but have you tried doing it in the before block? I'm assuming you are not referring to an ajax call.
Kori Roys
@koriroys
Is there a before block for controllers? that might be what I'm looking for, ty
oh I see, it's a callback
Kori Roys
@koriroys
my use case is that certain params come in blank as "", and I have to cast them to nil in order for postgres to not explode. Didn't find a good way to do that with validations, so doing it in a before block now
pontakornth
@pontakornth
Can anyone create a new hanami project now? I encounter the wrong number of arguments issue.
I don't know if it is a hanami issue or some other libraries. I use Ruby 3.0.0 with Rbenv. I think it's another package's bug so I haven't opened the issue yet.
pontakornth
@pontakornth
I created a project using 2.5.8 and it is fine.
Igor
@ircarreira
Hi folks! I'm looking to work with Hanami experts (hire them to be more specific), but I suppose this is not the place to post a message relating to jobs, am I correct?
Martin Ferenec
@MartinFerenec
I get an error
Does anyone know how to fix this?
Martin Ferenec
@MartinFerenec
Ok I fixed it by installing older ruby
markpostura.com
@marcobeffa
When will Hanami be updated for Ruby 3.00?
Martin Ferenec
@MartinFerenec
any good video guides on how to make a simple website using hanami?
markpostura.com
@marcobeffa
It would be interesting. I had experience with Rails and I would like to try using Hanami as a framework to test the process from deployment to production! If there is any video it would interest me too!
Armin
@wuarmin
@jodosha great! thank you
Luca Guidi
@jodosha
And more importantly Hanami v2.0.0.alpha2 https://twitter.com/hanamirb/status/1389590521807446018 :cherry_blossom:
Luca Guidi
@jodosha
Edouard
@inouire_twitter
That's so cooool !
Thank you all
can't wait to try it
"Built-in application settings, providing first-class support for your "
is there a typo ?
Edouard
@inouire_twitter
After reading the article and having a look at the examples, I still find it hard to have the global "framework" view. What is standard? What is custom?
Am I the only one? Do you think it will get better after a more polished integration?
Sven Schwyn
@svoop
Big thanks for all the work, can't wait to start my journey on Hanami 2!
Sebastjan Hribar
@sebastjan-hribar
@jodosha awesome work, like always :fireworks:
Is there any news regarding database sharding?
Luca Guidi
@jodosha
@sebastjan-hribar not yet :)
Feedback for application template to be implemented in v2.0.0.alpha3 https://twitter.com/hanamirb/status/1390298114829914112
Sebastjan Hribar
@sebastjan-hribar
@jodosha thank you for the feedback. I'd be interested to know how people are tackling multitenancy when using Hanami out of the box. We're nearing a launch for two apps (read projects :) and I have a few questions around deployment and scalability, but I'll post them on discourse later this week.
markpostura.com
@marcobeffa
@jodosha great! thank you
Lairan
@alex-lairan

Hello !

I am a user of Hanami router, but I never used 'resources' or things like that, always direct action routing.

I would like to try it but it doesn't find my action, how can I tell hanami router to find the class inside the correct namespace ?

    namespace 'admin' do
      resources 'applications', only: %i[index]
    end

    get '/admin/applications', to: Controllers::Admin::Applications::Index
                Name Method     Path                           Action                        

  admin_applications GET, HEAD  /admin/applications            Applications::Index           
                     GET, HEAD  /admin/applications            Application::Controllers::Admin::Applications::Index
Sven Schwyn
@svoop
:warning: A word from the unofficial shameless commerce division: Given the partial meltdown in Rails-world and Hanami 2 going alpha2, now may be a good time to promote and sponsor Hanami in some way e.g. Tim Riley, Piotr Solnica, Luca Guidi or Sebastian Wilgosz (hanamimastery).