From 8f5736a057eecf7a4aaade717f1ff5133080efde Mon Sep 17 00:00:00 2001
From: Mike Perham
Date: Tue, 28 Jun 2016 16:46:45 -0700
Subject: [PATCH] Need to initialize the session token or forms won't render

---
 src/kemal/middleware/csrf.cr | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/kemal/middleware/csrf.cr b/src/kemal/middleware/csrf.cr
index c309196..cc46c75 100644
--- a/src/kemal/middleware/csrf.cr
+++ b/src/kemal/middleware/csrf.cr
@@ -16,12 +16,13 @@ module Kemal::Middleware
     PARAMETER_NAME = "authenticity_token"
 
     def call(context)
+      unless context.session["csrf"]?
+        context.session["csrf"] = SecureRandom.hex(16)
+      end
+
       return call_next(context) if ALLOWED_METHODS.includes?(context.request.method)
       req = context.request
-      current_token = context.session["csrf"]? || begin
-        context.session["csrf"] = SecureRandom.hex(16)
-      end
       submitted = if req.headers[HEADER]?
                     req.headers[HEADER]
                   elsif context.params.body[PARAMETER_NAME]?
@@ -29,6 +30,7 @@ module Kemal::Middleware
                   else
                     "nothing"
                   end
+      current_token = context.session["csrf"]
       if current_token == submitted
         # reset the token so it can't be used again
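Review bot: The new `unless context.session["csrf"]?` block at the top of `call` carries no comment saying why the token is minted before the safe-method early return, which is the whole point of the commit and the only thing stopping a later reader from moving it back below the `return` and silently breaking GET-rendered forms again. Suggest `# Mint the session token on every request, including safe ones, so that forms rendered on GET have a token to embed; the check below only runs for unsafe methods.` above the `unless`. It is also worth noting in that comment that an unsafe request arriving with no session token gets a freshly minted value here and therefore cannot match whatever was submitted, so rejection in that case is the intended outcome rather than a bug. The body of `call` continues past this hunk, so the later comparison is not visible here.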