Getting rid of CSRF for now.
This commit is contained in:
parent
d91037686b
commit
5c2466dfaf
3
.env.rb
Normal file
3
.env.rb
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
|
||||||
|
ENV["APP_SESSION_SECRET"] ||= "x3UUSSxLjgP62TOxfIOdf7dhXnOdLiN2kE0K+nB7TA0LsRTpSxhf8Om9cRUYGYQxUMhzIBeZ3KtOLo3cXlSfdg=="
|
||||||
|
# generated with: ruby -rsecurerandom -e 'puts SecureRandom.base64(64).inspect'
|
||||||
4
app.rb
4
app.rb
|
|
@ -10,11 +10,9 @@ require_relative 'models/assistant'
|
||||||
# Listing large language models (aka "Assistants")
|
# Listing large language models (aka "Assistants")
|
||||||
class App < Roda
|
class App < Roda
|
||||||
plugin :render, escape: true
|
plugin :render, escape: true
|
||||||
plugin :route_csrf
|
plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET')
|
||||||
|
|
||||||
route do |r|
|
route do |r|
|
||||||
# check_csrf!
|
|
||||||
|
|
||||||
r.root do
|
r.root do
|
||||||
@page_title = 'Assistants List'
|
@page_title = 'Assistants List'
|
||||||
@subtitle = 'All Assistants in Database'
|
@subtitle = 'All Assistants in Database'
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
require "./app"
|
require './.env' if File.exist?('.env.rb')
|
||||||
|
require './app'
|
||||||
|
|
||||||
run App.freeze.app
|
run App.freeze.app
|
||||||
|
|
|
||||||
|
|
@ -15,8 +15,6 @@
|
||||||
<input type="hidden" name="_method" value="put">
|
<input type="hidden" name="_method" value="put">
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<!-- Add CSRF token tag -->
|
|
||||||
|
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label class="label">Name</label>
|
<label class="label">Name</label>
|
||||||
<div class="control">
|
<div class="control">
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue