Better CSRF method for htmx

FroMage · May 14, 2024 · d03d71f · d03d71f
1 parent 6b73950
commit d03d71f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/src/main/resources/templates/Todos/htmx.html b/src/main/resources/templates/Todos/htmx.html
@@ -35,15 +35,15 @@
         {#if todo.done}
           <button type="submit" class="btn btn-warning" title="{m:todos.index.undone}"
           	hx-post="{uri:Todos.done(todo.id)}" hx-target="#row-{todo.id}" hx-swap="outerHTML"
-          	hx-vals='{"{inject:csrf.parameterName}": "{inject:csrf.token}"}'><i class="bi-arrow-counterclockwise"></i></button>
+          	><i class="bi-arrow-counterclockwise"></i></button>
         {#else}
           <button type="submit" class="btn btn-success" title="{m:todos.index.done}"
           	hx-post="{uri:Todos.done(todo.id)}" hx-target="#row-{todo.id}" hx-swap="outerHTML"
-          	hx-vals='{"{inject:csrf.parameterName}": "{inject:csrf.token}"}'><i class="bi-check"></i></button>
+          	><i class="bi-check"></i></button>
         {/if}
         <button type="submit" class="btn btn-danger" title="{m:todos.index.delete}"
           	hx-post="{uri:Todos.delete(todo.id)}" hx-target="#row-{todo.id}" hx-swap="delete"
-          	hx-vals='{"{inject:csrf.parameterName}": "{inject:csrf.token}"}'><i class="bi-trash"></i></button>
+          	><i class="bi-trash"></i></button>
       </td>
     </tr>
     {/fragment}
@@ -52,8 +52,7 @@
       <th scope="row">{m:todos.index.new}</th>
       <td>
 	  <input hx-post="{uri:Todos.add()}" name="task" placeholder="{m:todos.index.placeholder}" autofocus
-	  		hx-target="#new" hx-swap="beforebegin"
-	  		hx-vals='{"{inject:csrf.parameterName}": "{inject:csrf.token}"}'/>
+	  		hx-target="#new" hx-swap="beforebegin"/>
       </td>
       <td></td>
     </tr>

diff --git a/src/main/resources/templates/main.html b/src/main/resources/templates/main.html
@@ -9,7 +9,7 @@
         <link rel="shortcut icon" type="image/png" href="/static/images/favicon.svg"/>
         {#insert moreScripts /}
     </head>
-    <body>
+    <body hx-headers='{"{inject:csrf.headerName}":"{inject:csrf.token}"}'>
         <nav class="navbar navbar-expand-lg navbar-light bg-light mb-4">
           <div class="container-fluid">
             <a class="navbar-brand" href="{uri:Application.index()}">Todo</a>