diff --git a/Readme.md b/Readme.md
index a085c00..6e89b27 100644
--- a/Readme.md
+++ b/Readme.md
@@ -139,30 +139,46 @@ The resulting HTML will be.
### HTMX and Anti-forgery Tokens
-You can set the attribute `includeAspNetAntiforgerToken` on the `htmx-config` element. Then you'll need to include this additional JavaScript in your web application.
+You can set the attribute `includeAspNetAntiforgerToken` on the `htmx-config` element. Then you'll need to include this additional JavaScript in your web application. We include the attribute `__htmx_antiforgery` to track the event listener was added already. This keeps us from accidentally re-registering the event listener.
```javascript
-document.addEventListener("htmx:configRequest", (evt) => {
- let httpVerb = evt.detail.verb.toUpperCase();
- if (httpVerb === 'GET') return;
-
- let antiForgery = htmx.config.antiForgery;
-
- if (antiForgery) {
-
- // already specified on form, short circuit
- if (evt.detail.parameters[antiForgery.formFieldName])
- return;
-
- if (antiForgery.headerName) {
- evt.detail.headers[antiForgery.headerName]
- = antiForgery.requestToken;
- } else {
- evt.detail.parameters[antiForgery.formFieldName]
- = antiForgery.requestToken;
+if (!document.body.attributes.__htmx_antiforgery) {
+ document.addEventListener("htmx:configRequest", evt => {
+ let httpVerb = evt.detail.verb.toUpperCase();
+ if (httpVerb === 'GET') return;
+ let antiForgery = htmx.config.antiForgery;
+ if (antiForgery) {
+ // already specified on form, short circuit
+ if (evt.detail.parameters[antiForgery.formFieldName])
+ return;
+
+ if (antiForgery.headerName) {
+ evt.detail.headers[antiForgery.headerName]
+ = antiForgery.requestToken;
+ } else {
+ evt.detail.parameters[antiForgery.formFieldName]
+ = antiForgery.requestToken;
+ }
}
- }
-});
+ });
+ document.addEventListener("htmx:afterOnLoad", evt => {
+ if (evt.detail.boosted) {
+ const parser = new DOMParser();
+ const html = parser.parseFromString(evt.detail.xhr.responseText, 'text/html');
+ const selector = 'meta[name=htmx-config]';
+ const config = html.querySelector(selector);
+ if (config) {
+ const current = document.querySelector(selector);
+ // only change the anti-forgery token
+ const key = 'antiForgery';
+ htmx.config[key] = JSON.parse(config.attributes['content'].value)[key];
+ // update DOM, probably not necessary, but for sanity's sake
+ current.replaceWith(config);
+ }
+ }
+ });
+ document.body.attributes.__htmx_antiforgery = true;
+}
```
You can access the snippet in two ways. The first is to use the `HtmxSnippet` static class in your views.
@@ -183,6 +199,37 @@ This html helper will result in a `
+
+
+
+
+
+```
## License
diff --git a/src/Htmx.TagHelpers/HtmlExtensions.cs b/src/Htmx.TagHelpers/HtmlExtensions.cs
index 0a080cb..9ce8914 100644
--- a/src/Htmx.TagHelpers/HtmlExtensions.cs
+++ b/src/Htmx.TagHelpers/HtmlExtensions.cs
@@ -13,6 +13,8 @@ public static class HtmlExtensions
///
///
+ /// IMPORTANT: Remember to add the following script tag to your _Layout.cshtml or Razor view:
+ ///
+ /// ]]>
+ ///