Get error after editing acronym on the browser


Regarding “SESSION” in the tutorial Page 342,
I get the below error when editing the acronym and click Update.

I have go through in every line of code to see if there are any wrong in my WebsiteController.swift , Also in CreateAcronym.leaf .
But still not found any bug of my code.

Appreciated if you could advise.

{“error”:true,“reason”:“Value of type ‘String’ required for key ‘csrfToken’.”}

I’m assuming you’re setting the CSRF token in the form? Can you see it in the network inspector when you submit the form?

I did not see it in the network inspector when I summit the form as picture.

Ok cool, that narrows down the problem! What does your createAcronym.leaf look like?

Thanks for pointing me the direction to find the problem.
Here is my createAcronym.leaf.

When I removed #if(csrfToken) as below , it solved.
But I’m not sure if this is right solution.

Before change:
if(csrfToken) {

<input type="hidden" name="csrfToken" value="#(csrfToken)">


After changed:

<input type="hidden" name="csrfToken" value="#(csrfToken)">

Hi, apologies I’ve been away!

So if you remove the #if statement it all works? :thinking: that would point to a bug in Leaf. If you set the if statement and inspect the returned HTML, does the input not exist?

Hi ,

I  add #if statement in html(.leaf).

And also remove all cookies in the web browser.

Then run vapor project.
I don’t know why , but it 's work this time.
It seem bug in leaf as you mention have been resolved.

1 Like

Hi, I have the same problem.
I tried the original code from the book with chrome and Safari but still the same results.
It only works without the if.


@oliz Did you remove your browser cookies?

Yes - on both browser. I clean up and reset both of them - the error is still there. But when I remove the if it works perfect.

@0xtim Do you have any feedback about this? Thank you - much appreciated! :]

@oliz can you copy and paste your code from the Leaf file?


I used the original code from the book.

Hmm you’re right! There’s a bug in the chapter (and from the looks of it, the final project itself) where the editAcronymPostHandler(_:) is decoding CreateAcronymData which expects a CSRF token, but the EditAcronymContext doesn’t have it.

Fixes are - remove the if, you’ll get an empty String, which masks the problem, or pass in a CSRF token to the edit acronym page. Not sure how this got missed in 2 versions and lots of tech edits!

@thammaporn @oliz thanks for spotting this! I’ve fixed it in the next edition of the book and update the GH repo. The fix I’ve gone for is to make csrfToken on CreateAcronymData optional so it doesn’t fail when decoding the data on the edit POST handler:

You then just need to update createAcronymPostHandler(_:data:) to account for the change:

1 Like

Thank you very much for your help and your response.
I can’t wait for the second edition.


1 Like