How can we get http.post to set X-CSRFToken header on the request?
The token should be taken from csrftoken cookie, which is set by the backend.
Do we need to use http.send for it?
Asked
Active
Viewed 1,047 times
1 Answers
4
If you look at the source code (https://github.com/evancz/elm-http/blob/3.0.1/src/Http.elm), post is hard-coded with
empty (i.e. []) http header.
So if you want to have custom header, post
does not work, you'll have to use send instead.
Other solution you might want to consider is to enforce CSRF token for all http calls, like this stackoverflow answer suggests.
