I made a non-middleware version because I wasn't aware of this project. Because it's not middleware it won't break POST request for non-browser based webservices. Would you please take a look and tell me what you think? Thanks. https://github.com/runexec/ring-csrf/tree/master/ring-csrf
It appears as if this project has since been deleted. Also, you know you can apply middleware selectively, right?
Sorry for the late reply. I'll be writing a new one with the same functionality. I'll contact you when it's complete
Closing this issue; please reopen on new repository location if this is still relevant.