From 48a623d6281be8e2c2ff6fee3feef9a600a7e197 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20=C3=89pardaud?= <stef@epardaud.fr>
Date: Fri, 27 Oct 2023 15:03:20 +0200
Subject: [PATCH] Document htmx header solution for CSRF

---
 docs/modules/ROOT/pages/advanced.adoc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/modules/ROOT/pages/advanced.adoc b/docs/modules/ROOT/pages/advanced.adoc
index a9a553e1..1d5d3493 100644
--- a/docs/modules/ROOT/pages/advanced.adoc
+++ b/docs/modules/ROOT/pages/advanced.adoc
@@ -617,7 +617,13 @@ For CSRF Security, you need a form parameter with the CSRF Token. By adding this
 <div hx-post"/hello" hx-vals='{"{inject:csrf.parameterName}": "{inject:csrf.token}"}'>
 ----
 
-NOTE: There is a ongoing issue to allow using a header instead of a form parameter (https://github.com/quarkusio/quarkus/issues/34513), this way it will be possible to have a `hx-headers` on the <body> to make all hx requests secured with CSRF.
+Alternatively, you can use `hx-headers` on the <body> to make all hx requests secured with CSRF by adding a custom header:
+
+[source,html]
+----
+<body hx-headers='{"{inject:csrf.headerName}":"{inject:csrf.token}"}'>
+</body>
+----
 
 Some example projects with Quarkus Renarde and htmx:
 - https://github.com/ia3andy/renotes[a demo note-taking web app]