Closed hojberg closed 8 years ago
@hojberg Thanks for your question!
We should clear this up and add some more docs for rack-protection, hopefully before the final release!
Just to quickly answer the question, it can be done as follows:
In a meta tag:
<meta name="csrf-token" content="#{session[:csrf]}" />
Or in a hidden input:
<input type="hidden" name="authenticity_token" value="#{session[:csrf]}" />
@jkowens Likewise, if you could submit docs for this upstream :bow: :bow: :bow: :bow:
To accept a form i'd need to submit the
authenticity_token
param along with the form. This token is set in the session currently. Is there no way to get that in a meta tag so I can embed in page?