Support has been added for using Roda’s route_csrf plugin with request-specific CSRF tokens. When loading the
Rodauthinto your Roda app, specify the :csrf=>:route_csrf plugin option so that
Rodauthwill load the route_csrf plugin instead of the csrf plugin.
The use_request_specific_csrf_tokens? configuration option has been added, it defaults to true when the the :csrf=>:route_csrf option is used when loading the plugin.
If you have custom templates for the reset password request, unlock account request, or verify account resend link request, you will have to update them to use the new request-specific CSRF token feature.
The csrf_tag configuration method now accepts the path as an optional argument, previously it accepted no arguments. The optional argument defaults to the path of the current request.