This makes CSRF protection with Rails follow the same rules as when using Roda directly, meaning users can do things like override #check_csrf? to skip CSRF protection for certain routes, and that will now work correctly with rodauth-rails. The rodauth-oauth gem is one example where CSRF protection needs to be skipped for some routes.
HoneyryderChuck
commented
4 years ago
This makes CSRF protection with Rails follow the same rules as when using Roda directly, meaning users can do things like override
#check_csrf?to skip CSRF protection for certain routes, and that will now work correctly with rodauth-rails. The rodauth-oauth gem is one example where CSRF protection needs to be skipped for some routes.We first need to wait for https://github.com/jeremyevans/rodauth/pull/96 to be merged, which adds the
#check_csrfmethod.Closes #2
/cc @HoneyryderChuck