button_to fails csrf
Closed this issue · 2 comments
robacarp commented
The button_to method has no way of passing in a csrf, nor does it render one, so it always fails CSRF check.
infernalmaster commented
This should work
button_to("Save", "/save", :delete) do
csrf_tag
end
Or maybe use some js for that, just like rails
https://github.com/rails/rails/blob/896ee2b679462e7bcaa6890c6f5fdbd3b2e2fccb/actionview/app/assets/javascripts/rails-ujs/utils/csrf.coffee
elorest commented
@infernalmaster This was actually what was done. Please see: https://github.com/amberframework/amber/blob/master/src/amber/cli/templates/scaffold/view/src/views/%7B%7Bname%7D%7D/index.slang.ecr#L24