Stéphane Épardaud
Stéphane Épardaud
You can disable CSRF token verification for non-forms with the `quarkus.csrf-reactive.require-form-url-encoded=false` configuration. You can also achieve CSRF token verification using an HTTP header for those APIs. Does this help?
Yes, that'd be great, thanks :)
ATM no, but that'd be a nice improvement.
I had a look, and it's a Codestart bug that @ia3andy is looking at.
@mkouba should I be expecting these sorts of issues with the latest Qute changes? ``` Caused by: java.lang.NullPointerException at io.quarkus.qute.deployment.QuteProcessor$Match.getTypeParameters(QuteProcessor.java:2281) at io.quarkus.qute.deployment.QuteProcessor.resolveType(QuteProcessor.java:2004) at io.quarkus.qute.deployment.QuteProcessor.validateNestedExpressions(QuteProcessor.java:1246) at io.quarkus.qute.deployment.QuteProcessor.validateExpressions(QuteProcessor.java:858) ```
Thanks.
That's very interesting, except I think the `host`/`port` parts should come from the current config, no? It seems error-prone to specify them in the code when they are deployment-dependent. I...
Sure, but they don't belong in the annotation if the framework can detect them. Unless they're not required/defaulted.
Yes this sounds great.
No we don't support it, but if you want to add support for it your contribution will be welcome :)