|
1 | | -# Dynamic Forms in static pages for Statamic |
| 1 | +# Dynamic Forms in staticly cached pages for Statamic |
2 | 2 |
|
3 | | -Want static caching in statamic? And still want to have dynamic forms? |
4 | | -Just add a `{{ dynamic_token }}` to your layout file just before `</body>` tag. |
5 | | -and then add an `APP_URL=site.com` to your `.env` file. |
| 3 | +Want static full/half measure caching in statamic? |
| 4 | +But also still want to have forms in those static pages? |
| 5 | +DynamoInStatamo is here to help. |
| 6 | + |
| 7 | +### Configuration |
| 8 | + |
| 9 | +- disable CSRF verification by adding `/!/DynamicToken` to the `csrf_exclude` array in `site/settings/system.yaml`. Don't worry we check that the referrer is comming from your `APP_URL`, but this still carries its own risks. |
| 10 | +- add a `{{ dynamic_token }}` to your layout file just before `</body>` tag. |
| 11 | +- add an `APP_URL=<your_site_url>` to your `.env` file. |
| 12 | +e.g.:`APP_URL=site.com` |
| 13 | +local development: `APP_URL=localhost` |
6 | 14 |
|
7 | 15 | ### Installing |
| 16 | + |
8 | 17 | Copy the `DynamicToken` into your `site/addons` folder. |
| 18 | + |
9 | 19 | ### How does this work? |
| 20 | + |
10 | 21 | First off, if `javascript` is disabled this won't work. We will add this functionality later. On page load it will get a fresh csrf token and update all your forms with it. It will automatically update the token every 15 minutes. |
| 22 | + |
11 | 23 | ##### There are two parts: |
12 | 24 | ###### 1st: |
13 | 25 | The `{{ dynamic_token }}` inserts a bit of javascript into your static html file, which allows it to pull a new `csrf` token and update all `<form>` tags which have an `<input name="_token">`, this applies to all `{{ form:create }}` tags, or any form if you add `<input name="_token">` to your normal forms. |
14 | 26 | ###### 2st: |
15 | | -A simple controller, note you might need to exclude `/!/DynamicToken` from csrf setting like |
16 | | -Disable CSRF verification by adding `/!/DynamicToken` to the `csrf_exclude` array in `site/settings/system.yaml`. Don't worry we check that the referrer is comming from your `APP_URL`. |
| 27 | +A simple controller, which checks the refferer and if the refferer matches your `APP_URL` it returns a fresh `csrf` token. |
17 | 28 |
|
18 | 29 | ### Gotchas |
19 | 30 | If you've changed your api denominator, you will need to modify `$route = '/!/DynamicToken/refresh';` in the `DynamicToken/DynamicTokenTags.php` file. The default statamic denominator is `/!/`; |
| 31 | + |
| 32 | +### Upcoming |
| 33 | +- Settings: set refresh time span, currently 15 minutes |
| 34 | +- Automatic pickup of your api denomitor |
| 35 | +- Server only handling of forms, without the `{{ dynamic_token }}` tag |
0 commit comments