Can you share your code?

If you make your POST requests via forms make sure that you generation forms with Yesod functions, in this case it will insert hidden field with CSRF token to resulting form widget automatically. If you sending requests via XHR make sure to use `defaultCsrfMiddleware` from Yesod.Core.

Hope this helps.

ср, 17 февр. 2016 г. в 15:38, fr33domlover <fr33domlover@riseup.net>:

Hello,

I started a new Yesod web app few days ago. I'm using stack, LTS-5.1, and the
yesod-postgres scaffolding.

When I try to log in into my new minimal app, I get an error: A valid CSRF
token wasn't present in HTTP headers or POST parameters. That's because the
POST request doesn't include that token for some reason. But I don't know why.

I found a recent PR which removes the CSRF token checking from the scaffolding,
but I do want CSRF protection to work. As a Yesod beginner, I'm not sure
exactly why the token doesn't get inserted where it should (the Yesod book says
yesod-form does insert it, so I assume this is a bug here) and how I can fix
that. Even if I inserted the token manually into the login form, what about all
the other POST requests my app may use, such as logout?

I also found a commit that adds the token to the redirectToPost function in
yesod-core, but

(1) It's in the most recent release, not in LTS
(2) I'm not sure it has anything to do with it because it seems to be some sort
of JS based form

Anyone knows whether this is a known issue and how to fix it?

Thanks!
--fr33
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe