TIL: Sinatra CSRF Protection | JoeCode

JoeCode

TIL: Sinatra CSRF Protection

Feb 20, 2024

Resources

How to enable CSRF tokens in Sinatra

app.rb

require 'rack/protection'
use Rack::Protection
...

views/form.erb

<form method=post action=/hello>
  <input type=hidden name=authenticity_token value="<%= env['rack.session'][:csrf] %>">
  <input type=submit>
</form>