I've been working on some CSRF stuff yesterday/today, most of that time spent figuring out that the current Rack middleware that got added for 0.9.6 doesn't work, and will have a hard time working well. (see comment from http://merb.lighthouseapp.com/projects/7433/tickets/626)
So instead, I've written a kinda-hacky solution at the controller layer - seems to work pretty well as near as I can browser-test, available here: http://pastie.org/302497

Improvements over the existing Rack middleware are:

- unique CSRF token per user
- token available in views for passing to Flash apps and whatnot

I'm planning on making a plugin out of it, with specs if I can figure out a sane way to do that, but thought I'd stick it up here first and see if I can get any feedback on it.

-- 
Jamie
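
An added example, not part of the original post and not the code from the pastie it links to: a minimal plain-Ruby sketch of a controller-layer CSRF check with one token per user session that views can read. The `CsrfGuard` module, its method names and the Hash used as a session are assumptions for illustration, not Merb API.

```ruby
require 'securerandom'

# Hypothetical helper (not Merb API). `session` is any Hash-like
# per-user store, such as the framework's session object.
module CsrfGuard
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze
  SESSION_KEY  = :csrf_token

  # Returns this session's token, generating it on first use, so a view
  # can embed it in a form or pass it to a Flash/JS client.
  def self.token_for(session)
    session[SESSION_KEY] ||= SecureRandom.hex(32)
  end

  # Controller-layer check, meant to run before any action.
  # Returns true when the request may proceed.
  def self.valid_request?(session, http_method, submitted_token)
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)

    expected = session[SESSION_KEY]
    # A session that never issued a token cannot validate anything.
    return false if expected.nil? || submitted_token.nil?

    secure_compare(expected, submitted_token.to_s)
  end

  # Comparison whose running time does not depend on where the
  # first differing byte is.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample sessions for two users.
alice = {}
bob   = {}
alice_token = CsrfGuard.token_for(alice)
CsrfGuard.token_for(bob)

puts CsrfGuard.valid_request?(alice, 'POST', alice_token) # own token
puts CsrfGuard.valid_request?(bob, 'POST', alice_token)   # another user's token
```

Because the token lives in the session, a token lifted from one user's page is rejected when replayed against another user's session.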
