This example worked here:

    require 'rubygems'
    require 'rack/csrf'
    require 'camping'
    require 'camping/session'

    Camping.goes :Hello

    module Hello
      use Rack::Csrf
      include Camping::Session
    end

    module Hello::Controllers
      class Index
        def get
          Rack::Csrf.csrf_token(@env)
        end
      end
    end

Notice that you'll have to reverse the `use`-lines. Maybe we should
file that as a bug? Since it works the other way both in Rackup files
and Sinatra?

// Magnus Holm



On Wed, Aug 11, 2010 at 21:33, David Susco <dsu...@gmail.com> wrote:
> Ted,
>
> Do you use Camping::Session with Rack::Csrf? If so, how did you get it
> to work? Once I include Camping::Session the csrf_token changes every
> time I call the method.
>
> Can anyone explain what include Camping::Session is actually doing?
>
> Dave
>
> On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <t...@tedkimble.com> wrote:
>> For cross-site request forgery protection I've simply used the
>> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
>> The GitHub page is pretty self-explanatory.
>>
>> For Haml, you should just be able to set its :escape_html option to
>> true and then
>>
>>    %p= @something_nasty
>>
>> will be escaped by default. See:
>>
>> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>>
>> for more info.
>>
>> Best,
>> Ted
>>
>> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <dsu...@gmail.com> wrote:
>>> Hey guys,
>>>
>>> What do people do to protect against cross-site request forgery? To
>>> mimic what Rails does I was thinking of creating a unique key for each
>>> session, and then in my logged_in? helper checking if the key passed
>>> by the user matches the one I set in the session.
>>>
>>> On the second question, I'm using Tilt with Haml templates. Any idea
>>> how I can set Haml's :escape_html option so each template escapes all
>>> HTML within variables?
>>>
>>> --
>>> Dave
>>> _______________________________________________
>>> Camping-list mailing list
>>> Camping-list@rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/camping-list
>>>
>
>
>
> --
> Dave

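Why the order of the two lines matters, as an added example that is not part of the original thread and is neither Rack::Csrf's nor Camping's code: `ToySession`, `ToyCsrf`, the env keys `cookie` and `toy.csrf_token`, and both builder helpers are hypothetical stand-ins. It compares a stack where the first `use` line is outermost (Rackup-style) with one where each new line wraps the earlier ones, which is assumed here as a model of the behaviour the message describes.

```ruby
require 'securerandom'

# Toy session layer: loads the client's session hash into env['rack.session'].
class ToySession
  STORE = {} # session id => session hash (constructed in-memory store)
  def initialize(app); @app = app; end
  def call(env)
    sid = env['cookie'] || SecureRandom.hex(8)
    env['rack.session'] = (STORE[sid] ||= {})
    status, headers, body = @app.call(env)
    [status, headers.merge('set-cookie' => sid), body]
  end
end

# Toy CSRF layer: one token per session. Modelling choice: with no session
# loaded yet it falls back to a throwaway hash, so nothing is remembered.
class ToyCsrf
  def initialize(app); @app = app; end
  def call(env)
    session = env['rack.session'] || {}
    session['csrf.token'] ||= SecureRandom.hex(16)
    env['toy.csrf_token'] = session['csrf.token']
    @app.call(env)
  end
end

APP = ->(env) { [200, {}, [env['toy.csrf_token']]] }

# Rackup-style: the first `use` line ends up outermost.
def build_first_outermost(*layers)
  layers.reverse.inject(APP) { |app, layer| layer.new(app) }
end

# Assumed model of the behaviour in the message: each new line wraps what is
# already there, so the last line ends up outermost.
def build_last_outermost(*layers)
  layers.inject(APP) { |app, layer| layer.new(app) }
end

# Two requests from the same client; returns the token seen on each.
def tokens_for(stack)
  _, headers, first = stack.call({})
  _, _, second = stack.call('cookie' => headers['set-cookie'])
  [first.first, second.first]
end

puts tokens_for(build_last_outermost(ToyCsrf, ToySession)).uniq.size  # session outermost
puts tokens_for(build_last_outermost(ToySession, ToyCsrf)).uniq.size  # CSRF outermost
```

The token is stable across requests only when the session layer ends up outside the CSRF layer, whichever way the stack is declared.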