Edouard
@inouire_twitter
@sebastjan-hribar no worry, I discovered it by chance. Not sure that it's really a feature though ^^
Sebastjan Hribar
@sebastjan-hribar
@inouire_twitter I have another problem with sessions. We have a lot of ajax calls and when sessions are enabled these calls cause the invalid csrf token error. For now I've disabled this by overwriting the verify_csrf_token?, but this seems not the way to go in production. What is the way to go about this?
Sebastjan Hribar
@sebastjan-hribar
For what it's worth, we tried providing the token via the ajax call, but no success yet.
Edouard
@inouire_twitter
@sebastjan-hribar it seems that you do not generate forms with the official helper, so your forms do not include the CSRF token, which is checked
The token doesn't make sense if you don't have any session, so that could be why it's working when you disable sessions
You could use the form_for helper, or recreate the CSRF token by yourself, or disable CSRF token verification as you already do.
Sebastjan Hribar
@sebastjan-hribar

@inouire_twitter True, in these cases there are no forms generated with the official helper and sessions are enabled for the app in question. We use 1 template to build a complex editor supporting multiple ajax calls to different interactors.
Here is one code example:

$.ajax({
  type: "POST",
  url: "/wordrocket/term_records",
  dataType: "json", // jQuery's option name is dataType (case-sensitive)
  data: {
    // Form fields are sent nested under term_record; no CSRF token is included yet
    term_record: {
      source_term: $("#tmsr-wr-input-source-term").val(),
      target_term: $("#tmsr-wr-input-target-term").val(),
      src_language: $("#tmsr-wr-select-source-language").val(),
      trg_language: $("#tmsr-wr-select-target-language").val(),
      domain_id: $("#tmsr-wr-select-term-domain").val(),
      definition: $("#tmsr-wr-textarea-term-definition").val()
    }
  }
});

So, is disabling csrf token verification safe in such cases?
How would we recreate and pass the token? I've been searching online for hanami (a few mentions in gitter from the Lotus times) and non-hanami references, but I still don't know how to do this.

Edouard
@inouire_twitter
About disabling the CSRF check, it depends on your use case... is it sensible if a form is forged by malicious software? https://owasp.org/www-community/attacks/csrf
About recreating it, I'd guess that the logic is somewhere in https://github.com/hanami/helpers but I didn't find it yet
Sebastjan Hribar
@sebastjan-hribar

> About recreating it, I'd guess that the logic is somewhere in https://github.com/hanami/helpers but I didn't find it yet

Yes, I've been looking there as well, but even if we were to use the form helper, I don't suppose we'd have access to the token itself.

Sebastjan Hribar
@sebastjan-hribar
This seems to be the way to go, I guess.
Sebastjan Hribar
@sebastjan-hribar
By simply adding <%= csrf_meta_tags %> in the app html head the invalid csrf token error still occurs, even though the csrf tag and content are generated.
Sebastjan Hribar
@sebastjan-hribar
In addition to adding the above code to the app head, we have to pass it in the data:
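// Read the token from the <meta name="csrf-token"> tag rendered by csrf_meta_tags
var token = $('meta[name="csrf-token"]').attr('content');
$.ajax({
  type: "POST",
  url: "/wordrocket/term_records",
  dataType: "json", // jQuery's option name is dataType (case-sensitive)
  data: {
    _csrf_token: token,
    // ... term_record fields as in the earlier call
  }
});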
And it works :)
Edouard
@inouire_twitter
cool !
interesting feedback, thanks
Sebastjan Hribar
@sebastjan-hribar
And now that I've worked it out, it makes perfect sense, as usual. :)
Sebastjan Hribar
@sebastjan-hribar
I've made docs PRs for sessions and the above CSRF with UJS for future reference.
Edouard
@inouire_twitter
:thumbsup:
Kori Roys
@koriroys
Hey y'all. How would I go about setting a param programmatically if it's not set (before validating or coercing params)
Edouard
@inouire_twitter
based on what input would the params be set ?
Sebastjan Hribar
@sebastjan-hribar
This is just off the top of my head, but have you tried doing it in the before block? I'm assuming you are not referring to an ajax call.
Kori Roys
@koriroys
Is there a before block for controllers? that might be what I'm looking for, ty
oh I see, it's a callback
Kori Roys
@koriroys
my use case is that certain params come in blank as "", and I have to cast them to nil in order for postgres to not explode. Didn't find a good way to do that with validations, so doing it in a before block now
pontakornth
@pontakornth
Can anyone create a new hanami project now? I encounter the wrong number of argument issue. I don'
I don't know if it is a hanami issue or some other library's. I use Ruby 3.0.0 with Rbenv. I think it's another package's bug so I haven't opened an issue yet.
pontakornth
@pontakornth
A project I created using 2.5.8 is fine.
Igor
@ircarreira
Hi folks! I'm looking to work with Hanami experts (hire them to be more specific), but I suppose this is not the place to post a message relating to jobs, am I correct?
Martin Ferenec
@MartinFerenec
I get an error
image.png
Does anyone know how to fix this?
Martin Ferenec
@MartinFerenec
Ok I fixed it by installing older ruby
markpostura.com
@marcobeffa
When is hanami updated for ruby 3.00?
Martin Ferenec
@MartinFerenec
any good video guides on how to make a simple website using hanami?
markpostura.com
@marcobeffa
It would be interesting. I had experience with rails and I would like to try using hanami as a framework to test the process from deployment to production! If there is any video it would interest me too!
Armin
@wuarmin
@jodosha great! thank you
Luca Guidi
@jodosha
And more importantly Hanami v2.0.0.alpha2 https://twitter.com/hanamirb/status/1389590521807446018 :cherry_blossom:
Edouard
@inouire_twitter
That's so cooool !
Thank you all
can't wait to try it
"Built-in application settings, providing first-class support for your "
is there a typo ?
Edouard
@inouire_twitter
After reading the article and having a look at the examples, I still find it hard to have the global "framework" view. What is standard? What is custom?
Am I the only one? Do you think it will get better after a more polished integration?
Sven Schwyn
@svoop
Big thanks for all the work, can't wait to start my journey on Hanami 2!
Sebastjan Hribar
@sebastjan-hribar
@jodosha awesome work, like always :fireworks:
Is there any news regarding database sharding?
Luca Guidi
@jodosha
@sebastjan-hribar not yet :)
Feedback for application template to be implemented in v2.0.0.alpha3 https://twitter.com/hanamirb/status/1390298114829914112