How to get csrf_token in view.

blowfish-jp · June 9, 2023, 11:44am

I tried same resolve following.

However It does not work.

| <div>
3 | <form action="/register/confirm" method="post">
4 |     <input type="hidden" name="csrf_token" value="<%= Plug.Conn.get_session(@conn, :csrf_token) %>">
  |                                                   ^

Is there any change of Phoenix how to write code?

kokolegorille · June 9, 2023, 11:46am

Hello and welcome.

When You set attributes, You should use the new syntax…

<input type="hidden" name="csrf_token" value={Plug.Conn.get_session(@conn, :csrf_token)}>

blowfish-jp · June 9, 2023, 12:23pm

Thank you. However I can not get any csrf_token. I still have following error message.

Plug.CSRFProtection.InvalidCSRFTokenError at POST /register/confirm
invalid CSRF (Cross Site Request Forgery) token, please make sure that:

  * The session cookie is being sent and session is loaded
  * The request include a valid '_csrf_token' param or 'x-csrf-token' header

And I would like to know where I can see the new syntax manual as well.

Thanks.

kokolegorille · June 9, 2023, 12:35pm

In the upgrade guide to Phoenix 1.6

gist.github.com

https://gist.github.com/chrismccord/2ab350f154235ad4a4d0f4de6decba7b

phx-1.6-upgrade.md

# Phoenix 1.5.x to 1.6 upgrade instructions

## Update your deps

In `mix.exs`, update your `phoenix`, `phoenix_html`, `telemetry_metrics`, `telemetry_poller` and `phoenix_live_dashboard` deps, and add `phoenix_live_view`:

```elixir
def deps do
    [
      {:phoenix, "~> 1.6.0"},

This file has been truncated. show original

blowfish-jp · June 9, 2023, 12:47pm

Thank you!! Following code works.

<input type="hidden" name="_csrf_token" value={Plug.CSRFProtection.get_csrf_token()}>

conradfr · June 9, 2023, 5:16pm

You can just use get_csrf_token()

https://hexdocs.pm/phoenix/Phoenix.Controller.html#get_csrf_token/0