sinatra / rack-protection

NOTE: This project has been merged upstream to sinatra/sinatra
https://github.com/sinatra/sinatra/tree/master/rack-protection

AuthenticityToken #106

Closed hojberg closed 8 years ago

hojberg commented 8 years ago

To accept a form I'd need to submit the authenticity_token param along with the form. This token is set in the session currently. Is there no way to get that in a meta tag so I can embed it in the page?

zzak commented 8 years ago

@hojberg Thanks for your question!

We should clear this up and add some more docs for rack-protection, hopefully before the final release!

jkowens commented 8 years ago

Just to quickly answer the question, it can be done as follows:

In a meta tag:

<meta name="csrf-token" content="#{session[:csrf]}" />

Or in a hidden input:

<input type="hidden" name="authenticity_token" value="#{session[:csrf]}" />

zzak commented 8 years ago

@jkowens Likewise, if you could submit docs for this upstream :bow: :bow: :bow: :bow:
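An added example, not part of the thread and not rack-protection's own code: the two tags from jkowens' answer rendered with HTML escaping, next to a simplified stand-in for the check that rejects an unsafe request without the session token. The helper names, the `/transfer` action and the use of an `X-CSRF-Token` header for script-submitted requests are assumptions made for the illustration.

```ruby
# Added example using only the Ruby standard library. The check below is a
# simplified model of a session-token comparison, not the middleware's code.
require 'erb'
require 'securerandom'

SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# Hypothetical helper: make sure the session holds a token before rendering.
def csrf_token(session)
  session[:csrf] ||= SecureRandom.hex(32)
end

# The meta tag and hidden input from the answer, written as ERB and escaped
# so that an unexpected session value cannot break out of the attribute.
PAGE = ERB.new(<<~HTML)
  <meta name="csrf-token" content="<%= ERB::Util.html_escape(token) %>" />
  <form method="post" action="/transfer">
    <input type="hidden" name="authenticity_token" value="<%= ERB::Util.html_escape(token) %>" />
  </form>
HTML

def render_page(session)
  token = csrf_token(session) # read by the template through binding
  PAGE.result(binding)
end

# Length check first, then compare every byte so timing does not depend on
# where the first mismatch occurs.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Safe methods pass; anything else must carry the session token in the form
# param or in the header a script would set after reading the meta tag.
def request_allowed?(session, method, params: {}, headers: {})
  return true if SAFE_METHODS.include?(method)
  expected = session[:csrf]
  return false unless expected.is_a?(String)
  [params['authenticity_token'], headers['X-CSRF-Token']].any? do |given|
    given.is_a?(String) && secure_equal?(given, expected)
  end
end

puts render_page({}) if $PROGRAM_NAME == __FILE__
```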