How to selectively disable CSRF check in Phoenix framework

渐次进展 2021-02-12 14:16

I'm trying to create a Facebook Page Tab which points to my website. Facebook sends an HTTP POST request to the URL of my website. The problem here is that the server has a bui

1 answer
  •  终归单人心
    2021-02-12 14:35

    The Plug.CSRFProtection is enabled in your router with protect_from_forgery. This is set by default in the browser pipeline. Once a plug has been added, there is no way to disable it; instead, it has to be not set in the first place. You can do this by moving it out of browser and only including it when it is required.

    defmodule Foo.Router do
      use Foo.Web, :router
    
      pipeline :browser do
        plug :accepts, ["html"]
        plug :fetch_session
        plug :fetch_flash
        #plug :protect_from_forgery - move this
      end
    
      pipeline :csrf do
        plug :protect_from_forgery # to here
      end
    
      pipeline :api do
        plug :accepts, ["json"]
      end
    
      scope "/", Foo do
        pipe_through [:browser, :csrf] # Use both browser and csrf pipelines
    
        get "/", PageController, :index
      end
    
      scope "/", Foo do
        pipe_through :browser # Use only the browser pipeline
    
        # Facebook sends a POST, so the route must match POST.
        post "/facebook", PageController, :index # You can use the same controller and actions if you like
      end
    
    end
    

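A route left outside the `:csrf` pipeline accepts cross-site POSTs from anyone, so the Facebook endpoint needs its own origin check. The plug below is an added example, not part of the answer above: it verifies the `signed_request` parameter that Facebook includes in its Page Tab POST (base64url signature, a period, base64url JSON payload, signed with HMAC-SHA256 under the app secret). The module name, the `:facebook_app_secret` config key, and the use of Jason for JSON decoding are assumptions.

```elixir
# Added example: Foo.Plugs.VerifyFacebookSignedRequest and the
# :facebook_app_secret config key are assumed names.
defmodule Foo.Plugs.VerifyFacebookSignedRequest do
  import Plug.Conn

  def init(opts), do: opts

  # Facebook posts signed_request as "<base64url signature>.<base64url JSON payload>".
  def call(%Plug.Conn{params: %{"signed_request" => signed}} = conn, _opts)
      when is_binary(signed) do
    secret = Application.fetch_env!(:foo, :facebook_app_secret)

    case verify(signed, secret) do
      {:ok, payload} -> assign(conn, :facebook_payload, payload)
      :error -> reject(conn)
    end
  end

  # No signed_request at all: refuse rather than fall through unauthenticated.
  def call(conn, _opts), do: reject(conn)

  # Returns {:ok, payload_map} only when the HMAC-SHA256 over the encoded
  # payload, keyed with the app secret, matches the signature part.
  def verify(signed, secret) do
    with [sig_b64, payload_b64] <- String.split(signed, ".", parts: 2),
         {:ok, sig} <- Base.url_decode64(sig_b64, padding: false),
         expected = :crypto.mac(:hmac, :sha256, secret, payload_b64),
         true <- Plug.Crypto.secure_compare(sig, expected),
         {:ok, json} <- Base.url_decode64(payload_b64, padding: false),
         {:ok, %{"algorithm" => "HMAC-SHA256"} = payload} <- Jason.decode(json) do
      {:ok, payload}
    else
      _ -> :error
    end
  end

  defp reject(conn), do: conn |> send_resp(403, "invalid signed_request") |> halt()
end

# In Foo.Router, attach it only to the CSRF-exempt scope:
#
#   pipeline :facebook do
#     plug Foo.Plugs.VerifyFacebookSignedRequest
#   end
#
#   scope "/", Foo do
#     pipe_through [:browser, :facebook]
#     post "/facebook", PageController, :index
#   end
```

The signature is compared with `Plug.Crypto.secure_compare/2` so the check runs in constant time, and the payload is parsed only after the signature matches.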