mirror of
https://github.com/TecharoHQ/anubis.git
synced 2026-04-05 16:28:17 +00:00
7c80c23e90
* docs: remove JSON examples from policy file docs Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib): remove mentions of botPolicies.json in the tests Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update link to challenge methods Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: unbreak links to the challenges category Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
22 lines
973 B
Plaintext
22 lines
973 B
Plaintext
# HTMX
|
|
|
|
import Tabs from "@theme/Tabs";
|
|
import TabItem from "@theme/TabItem";
|
|
|
|
[HTMX](https://htmx.org) is a framework that enables you to write applications using hypertext as the engine of application state. This enables you to simplify you server side code by having it return HTML instead of JSON. This can interfere with Anubis because Anubis challenge pages also return HTML.
|
|
|
|
To work around this, you can make a custom [expression](../configuration/expressions.mdx) rule that allows HTMX requests if the user has passed a challenge in the past:
|
|
|
|
```yaml
|
|
- name: allow-htmx-iff-already-passed-challenge
|
|
action: ALLOW
|
|
expression:
|
|
all:
|
|
- '"Cookie" in headers'
|
|
- 'headers["Cookie"].contains("anubis-auth")'
|
|
- '"Hx-Request" in headers'
|
|
- 'headers["Hx-Request"] == "true"'
|
|
```
|
|
|
|
This will reduce some security because it does not assert the validity of the Anubis auth cookie, however in trade it improves the experience for existing users.
|