clojureclojurescriptringreagentreitit

Reagent + Ring full stack Clojure + ClojureScript app receiving 403 `Invalid anti-forgery token`


I am trying to set up a full stack Clojure and ClojureScript web app. I am using Reagent and Ring but am running into a 403 error when I try post data using promesa.

On the ClojureScript side I have the following page where it attempts to post data and wait for the response.

(defn trigger-page []
  (let [do-the-thing (fn []
                        (promesa/let [_response (js/fetch "api/trigger/" (clj->js {:headers {:Content-Type "application/json"}
                                                                              :method "POST"
                                                                              :body (js/JSON.stringify #js {:args "TEST"})}))
                                response (.json _response)
                                data (js->clj response :keywordize-keys true)]
                          (js/console.log response)
                          data))]
  (fn []
    [:span.main
     (js/console.log "test")
     [:h1 "Trigger"]
     [:button {:on-click #(do-the-thing)} "Trigger"]
     [:ul]])))

On the Clojure backend I have the app and supporting function defined as follows:

(defn do-the-stuff [req]
  (r/response {:response "STUFF"}))

(def app
  (reitit-ring/ring-handler
   (reitit-ring/router
    [["/" {:get {:handler index-handler}}]
     ["/trigger" {:get {:handler index-handler}}]
     ["api/"
      ["trigger/" {:post do-the-stuff}]]
     ["/about" {:get {:handler index-handler}}]])
   (reitit-ring/routes
    (reitit-ring/create-resource-handler {:path "/" :root "/public"})
    (reitit-ring/create-default-handler))
   {:middleware middleware}))

The middleware is the default created by the leiningen reagent template:

(def middleware
  [#(wrap-defaults % site-defaults)
   wrap-exceptions
   wrap-reload])

Currently, whenever I press the trigger button I get a 403 Invalid anti-forgery token response. I have tried using ring-clojure/ring-anti-forgery with no success. Would greatly appreciate any recomnedations!


Solution

  • Update to fix this problem, in the do-the-stuff I changed from (ring/response {:response "STUFF"}) to just returning {:response "STUFF"}. This solved my invalid anti-forgery token issues.