I have a search view which collects a search term from a user and then passes them to the search result view. The results view is constructed in two parts:
basic server side rendering which builds the overall structure of the page and includes a search form
ActionCable delivers rendered search results after the longish running search has completed, these views also contain a form
The form from bullet 1 works as expected. The form(s) from bullet 2 fail CSRF checks.
My understanding is that CSRF tokens are added to the session when the page is rendered. As such, the first form works as it has reference to the session. The forms generated in bullet 2 are done so by ActiveJob and then the rendered view is delivered to the browser via ActionCable. I believe that there is no session mapping here.
Can anyone suggest a good approach to correctly allowing form submission with CSRF prevention in place on a form delivered asynchronously from an ActiveJob via ActionCable?