This example worked here:
require 'rubygems'
require 'rack/csrf'
require 'camping'
require 'camping/session'

Camping.goes :Hello

module Hello
  use Rack::Csrf            # CSRF middleware; must end up inside the session middleware
  include Camping::Session  # adds the session middleware that Rack::Csrf stores its token in
end

module Hello::Controllers
  class Index
    def get
      Rack::Csrf.csrf_token(@env)  # token lives in the session, so it stays the same across requests
    end
  end
end
Notice that you'll have to reverse the `use`-lines. Maybe we should
file that as a bug, since it works the other way both in Rackup files
and Sinatra?
// Magnus Holm
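To make the ordering point concrete, here is an added example (not code from the thread, from Camping or from rack_csrf) that models the two `use` semantics with two stand-in middlewares and no gems; it assumes Camping's `use` wraps the current `call` so that the last `use` ends up outermost, while Rack::Builder and Sinatra make the first `use` outermost. The CSRF stand-in fails closed when no session is present, which is the symptom of getting the order wrong.

```ruby
require 'securerandom'

# Stand-in for the session middleware that `include Camping::Session`
# adds: it puts a persistent hash in env['rack.session'].
class LoadSession
  def initialize(app, store = {})
    @app, @store = app, store
  end

  def call(env)
    env['rack.session'] = @store # same hash each request, like a cookie session
    @app.call(env)
  end
end

# Stand-in for Rack::Csrf: the token must live in the session to stay
# stable across requests, so it fails closed if no session is present.
class CsrfGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    session = env['rack.session']
    raise 'no session: session middleware must wrap CsrfGuard' unless session
    session['csrf.token'] ||= SecureRandom.hex(16)
    @app.call(env)
  end
end

ENDPOINT = ->(env) { [200, {}, [env['rack.session']['csrf.token']]] }

# Rack::Builder / Sinatra semantics: the first `use` is the outermost layer.
def builder_stack(layers)
  layers.reverse.inject(ENDPOINT) { |app, mw| mw.new(app) }
end

# Camping semantics (assumption: each `use` wraps the current `call`,
# so the last `use` ends up outermost), hence the reversed order.
def camping_stack(layers)
  layers.inject(ENDPOINT) { |app, mw| mw.new(app) }
end

# Send two requests and report whether the token persisted.
def probe(stack)
  first, second = 2.times.map { stack.call({}).last.first }
  first == second ? :stable : :rotating
rescue RuntimeError
  :no_session
end
```

With the session listed first, `probe(builder_stack([LoadSession, CsrfGuard]))` returns :stable but `probe(camping_stack([LoadSession, CsrfGuard]))` returns :no_session; reversing the list for the Camping stack gives :stable again.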
On Wed, Aug 11, 2010 at 21:33, David Susco dsu...@gmail.com wrote:
Ted,
Do you use Camping::Session with Rack::Csrf? If so, how did you get it
to work? Once I include Camping::Session the csrf_token changes every
time I call the method.
Can anyone explain what include Camping::Session is actually doing?
Dave
On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble t...@tedkimble.com wrote:
For cross-site request forgery protection I've simply used the
Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
The github page is pretty self explanatory.
For Haml, you should just be able to set its :escape_html option to
true and then
%p= @something_nasty
will be escaped by default. See:
http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
for more info.
Best,
Ted
On Mon, Aug 9, 2010 at 9:15 AM, David Susco dsu...@gmail.com wrote:
Hey guys,
What do people do to protect against cross-site request forgery? To
mimic what rails does I was thinking of creating a unique key for each
session, and then in my logged_in? helper checking if the key passed
by the user matches the one I set in the session.
On the second question, I'm using Tilt with Haml templates. Any idea
how I can set Haml's :escape_html option so each template escapes all
HTML within variables?
--
Dave
___
Camping-list mailing list
Camping-list@rubyforge.org
http://rubyforge.org/mailman/listinfo/camping-list