Tutorials Quick Tips SAAS Starter Kit Twitter

Quick Tip

Use javascript fetch to post to a Phoenix controller

javascriptcsrf

As in the case with Rails, Phoenix also has protection against cross site request forgery (crfs). If you want to post to a controller from a javascript file you need to add the token as a header manually. However, in phoenix the csrf token is provided when you render a form. So, unless there is already a form on the page, there is no token to read. To get around this, add this in the page header:

<%= csrf_meta_tag() %>

And then the post can be triggered with:

const token = document.querySelector('meta[name="csrf-token"]').getAttribute('content')

fetch('/posts', {
  method: 'post',
  headers: {
    'Content-Type': 'application/json',
    'X-CSRF-Token': token
  },
  body: JSON.stringify({post: {title: 'Awesome blogpost title'}})
})

Tag Cloud

CSV absinthe alpinejs api async atom authentication bamboo belongs_to boilerplate bootstrap bulk cache cachex calendar channels component crypto csrf datatable deploy ecto email esbuild fileupload finch floki forms fuzzyseach graphql guardian has_many has_many_through hooks javascript jsonb layouts liveview modal multitenancy oban otp pagination payments phoenix phoenix-1.6 postgresql pow presence pubsub render rss s3 saasstarterkit scrape search sorting stripe swagger swoosh table tagging tailwind teams templates typeahead waffle webhook

Related Quick Tips

Published 23 May - 2020

Delete unused node_module folders

Tired of all node_modules folders taking up gigabytes of hard drive space? Did you know theres is a command to find and delete them? If you are lik..

Go to quick_tip

Phoenix 1.7 Released!

Checkout the newly updated Starter Kit!