Allow forgery protection to be enabled/disabled app-wide - Githubissues

luckyframework / lucky

A full-featured Crystal web framework that catches bugs for you, runs incredibly fast, and helps you write code that lasts.

https://luckyframework.org

MIT License

2.57k stars 156 forks source link

Allow forgery protection to be enabled/disabled app-wide #1657

Closed matthewmcgarvey closed 2 years ago

matthewmcgarvey commented 2 years ago

Purpose

Resolves #1656

A follow-up pr will need to be made to lucky_cli that adds configuration disabling it in the test environment.

Description

Needed by https://github.com/luckyframework/lucky_flow/pull/137 to allow using things like links with different request methods that would normally use javascript to set the CSRF token on the request.

Checklist

[x] - An issue already exists detailing the issue/or feature request that this PR fixes
[x] - All specs are formatted with crystal tool format spec src
[x] - Inline documentation has been added and/or updated
[x] - Lucky builds on docker with ./script/setup
[x] - All builds and specs pass on docker with ./script/test