On Oct 28, 2:24 pm, Jamie Macey <[EMAIL PROTECTED]> wrote: > I've been working on some CSRF stuff yesterday/today, most of that > time spent figuring out that the current Rack middleware that got > added for 0.9.6 doesn't work, and will have a hard time working well. > (see comment fromhttp://merb.lighthouseapp.com/projects/7433/tickets/626) > > So instead, I've written a kinda-hacky solution at the controller > layer - seems to work pretty well as near as I can browser-test, > available here:http://pastie.org/302497
Ok, I've managed to figure out that I *can* get the necessary information at the rack level to function, but it needs some assistance at the controller/view layer to make it transparent. I do have it functioning transparently now, fork is up on github (http://github.com/jamie/merb/tree), wouldn't mind getting some feedback on whether I'm doing the integration right. Also, I'm not sure if it's something that wants to be forced in core, but if not it should just be an issue of removing some default includes and pushing that decision to app developers. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
