Just spent 2 hours on this…
- Follow
:cors_plug
setup.
# mix.exs
defp deps, do: [
{:cors_plug, "~> 2.0"},
# ...
]
# endpoint.ex
plug CORSPlug, origin: ["http://localhost:4000"]
plug <YOUR APP>Web.Router
- In your webpage’s controller, add
token: get_csrf_token()
to yourrender/3
def index(conn, _params), do: render(conn, "index.html", token: get_csrf_token())
fetch('http://localhost:4000/upload', {method: 'POST', mode: 'cors', headers: {'x-csrf-token': '<%= @token %>'}, body})
Key details:
- DON’T use
https
- DON’T use
'_csrf_token'