-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for per form csrf tokens #1653
Conversation
Model the implementation after Rails to provide cross compatibility.
b35db88
to
f8f04e5
Compare
@namusyaka any chance we could release this soon if it looks good? I found this will be really useful for a Rails project where I depend on omniauth (which will be using rack-protection in the 2.0 release). |
@namusyaka thanks for the review. I made updates based on your comments 👍 |
Sorry I'll take a look at this next month.. 🙇 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good to me. |
Thanks @jkowens for working on this. Looking forward to the new |
Does anyone know, if there will be a release before v3.0.0 with this change? I know that v3.0.0 is being worked on, but maybe we can have a Thanks |
Resolves #1616. Makes CSRF tokens more secure (see: rails/rails#22275).
To generate a per form authenticity token, pass the
path
and optionally the formmethod
(method defaults to post):