ring anti-forgery is enabled by default, but that is not mentioned in docs

ring-clojure / ring-defaults

A library to provide sensible Ring middleware defaults

MIT License

345 stars 32 forks source link

ring anti-forgery is enabled by default, but that is not mentioned in docs #14

Closed sventech closed 1 year ago

sventech commented 9 years ago

As you helped me understand in the issue on ring anti-forgery, a normal punter will try to use wrap-defaults with site-defaults and then add wrap-anti-forgery, not realising that it is redundant.

How could we best add docs to indicate how to handle CSRF / XSRF validation? I guess you're suggesting a complete map of default options?

weavejester commented 9 years ago

Yep, we'll just have a section to document each of the *-defaults option maps.