Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upExample fails if first url exists in resources #318
Closed
Labels
Comments
|
Thanks for the report, PR welcome! |
|
This issue seems to be with |
This was referenced May 11, 2018
|
Ring now puts anti-forgery in the request (for ring-defaults 0.3.2+) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When your first url (e.g. /index.html) exists in resources, no csrf token is ever transmitted. Seems to be due to wrap-resources taking place before wrap-anti-forgery in wrap-default and so stealing the request, that does not get anti-forgery. Changing order (first anti-forgery, next wrap-resources) works like a charm.