Improvements¶ ↑
-
Support has been added for using Roda’s route_csrf plugin with request-specific CSRF tokens. When loading the
Rodauthinto your Roda app, specify the :csrf=>:route_csrf plugin option so thatRodauthwill load the route_csrf plugin instead of the csrf plugin. -
The use_request_specific_csrf_tokens? configuration option has been added, it defaults to true when the the :csrf=>:route_csrf option is used when loading the plugin.
-
If you have custom templates for the reset password request, unlock account request, or verify account resend link request, you will have to update them to use the new request-specific CSRF token feature.
Backwards Compatibility¶ ↑
-
The csrf_tag configuration method now accepts the path as an optional argument, previously it accepted no arguments. The optional argument defaults to the path of the current request.