Chicago Boss CSRF and variable passing to template files

Question

I've two problems with my simple application.

I've read the documents twice, but had no luck to using boss_csrf_filter and passing variables to templates.

First I've done the configuration for using CSRF filter in boss.config file as the following :

{controller_filter_config, [boss_csrf_filter]},
{session_adapter, mock},
{session_key, "_myapp_session"},
{session_exp_time, 525600},
{session_cookie_http_only, false},
{session_cookie_secure, false},
{session_domain, ".myappdomain.com"},

Then, I've add to variable in template (which is under src/view/world/hello.html)

<div class="row">
<div class="12u">
<textarea name="message" id="message" placeholder="placeholder" required></textarea>
 {{ csrf_token }}
 </div>
 </div>

Everthing seems fine, but no any hidden input element appearing. Should I check/configure anything else?

The second problem is with my app is passing variables to templates. My is controller something like the following code :

-module(myapp_world_controller, [Req]).
-compile(export_all).

hello('GET', []) ->
    {ok, [{world}]}.

postcontact('POST', []) ->
         {redirect, "/",[{contactformsend, "ok"}]}.

The code is redirecting without any value. So, the following code is not working (the same template file with I've mentioned above) :

{% if contactformsend %}

<script>

    alert("Hi there is!");

</script>

{% endif %}

What I am doing wrong? How can I fix the problems?

Answer 1

I would propose to split your question into two, because I have answer only for the second part. When you use redirect in controller, you don't pass the variables. In the docs you can read this:

{redirect, Location, Headers::proplist()}

So the third argument is list of headers, not variables passed to templates. It makes sense: the variables will be taken from the controller, that is responsible for rendering "/".