Invalid CSRF (Cross Site Request Forgery) error

Scratch this question. I actually posted a similar question in another forum about three months ago and I forgot all about it. If a mod wants to delete it feel free.

The answer is here:

<form action="/users" method="post">
	 	 <input type="hidden" name="_csrf_token" value="<%= Plug.CSRFProtection.get_csrf_token()%>">
	 <input type="text" value="username">
	 <input type="text" value="password">
	 <input type="text" value="email">
	 <input type="submit">
</form>

I am learning how to create a basic authentication page and I am getting a CSRF error on POST request to /users

Router code:

  scope "/", AppxWeb do
    # Use the default browser stack
    pipe_through(:browser)

    get("/", PageController, :index)

    resources("/users", UserController)
  end

Controller:

defmodule AppxWeb.UserController do
  use AppxWeb, :controller

  def new(conn, _params) do
    render(conn, "new_user_form.html")
  end
end

Template:

<form action="/users" method="post">
	 <input type="text" value="username">
	 <input type="text" value="password">
	 <input type="text" value="email">
	 <input type="submit">
</form>

I tried the following template as well:

<form action="/users" method="post">
	 <input type="hidden" name="csrf_token" value="<%= Plug.Conn.get_session(@conn, :csrf_token) %>">
	 <input type="text" value="username">
	 <input type="text" value="password">
	 <input type="text" value="email">
	 <input type="submit">
</form>
1 Like