This makes CSRF protection with Rails follow the same rules as when using Roda directly, meaning users can do things like override #check_csrf? to skip CSRF protection for certain routes, and that will now work correctly with rodauth-rails. The rodauth-oauth gem is one example where CSRF protection needs to be skipped for some routes.
This makes CSRF protection with Rails follow the same rules as when using Roda directly, meaning users can do things like override
#check_csrf?
to skip CSRF protection for certain routes, and that will now work correctly with rodauth-rails. The rodauth-oauth gem is one example where CSRF protection needs to be skipped for some routes.We first need to wait for https://github.com/jeremyevans/rodauth/pull/96 to be merged, which adds the
#check_csrf
method.Closes #2
/cc @HoneyryderChuck