e407d0195c
This adds a middleware which, when activated, will deny any form submission which does not include a valid `authenticity_token` parameter or `http-x-csrf-token` header with the request. The header and parameter names are identical to the ones supported by Ruby's rack-protection gem for interoperability purposes. |
||
---|---|---|
.. | ||
asset | ||
middleware | ||
all_spec.cr | ||
common_exception_handler_spec.cr | ||
config_spec.cr | ||
context_spec.cr | ||
helpers_spec.cr | ||
logger_spec.cr | ||
param_parser_spec.cr | ||
route_handler_spec.cr | ||
route_spec.cr | ||
session_spec.cr | ||
spec_helper.cr | ||
view_spec.cr | ||
websocket_handler_spec.cr |