From d91037686bae26715e12e886f9f6a4a58798bb3a Mon Sep 17 00:00:00 2001 From: James Dinkel Date: Sun, 24 Aug 2025 12:22:00 -0500 Subject: [PATCH 1/2] works without csrf --- app.rb | 2 +- views/edit.erb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app.rb b/app.rb index f590e41..6e67653 100644 --- a/app.rb +++ b/app.rb @@ -13,7 +13,7 @@ class App < Roda plugin :route_csrf route do |r| - check_csrf! + # check_csrf! r.root do @page_title = 'Assistants List' diff --git a/views/edit.erb b/views/edit.erb index 5038044..b147d9a 100644 --- a/views/edit.erb +++ b/views/edit.erb @@ -16,7 +16,6 @@ <% end %> - <%== csrf_tag('/assistants') %>
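Review bot: Commenting out `check_csrf!` at the top of the `route` block switches off CSRF verification for every request the app serves, including any state-changing routes that follow `r.root` outside this hunk, while `plugin :route_csrf` stays loaded and now does nothing. If the token check was failing because no session store was configured (Roda's route_csrf plugin keeps its per-session secret in the session), the fix is to add `plugin :sessions` rather than to disable the check; that is an inference from the diff, not something the hunk shows. If the disable is meant to be temporary, leave a marker on the line, e.g. `# check_csrf!  # TEMP: disabled until session/token setup is fixed; re-enable before deploy`, so it is not forgotten. The `route` block continues past the end of the hunk.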
From 5c2466dfaf85e2ade0406276fecc525c25987618 Mon Sep 17 00:00:00 2001 From: James Dinkel Date: Sun, 24 Aug 2025 14:53:34 -0500 Subject: [PATCH 2/2] Getting rid of CSRF for now. --- .env.rb | 3 +++ app.rb | 4 +--- config.ru | 3 ++- views/edit.erb | 2 -- 4 files changed, 6 insertions(+), 6 deletions(-) create mode 100644 .env.rb diff --git a/.env.rb b/.env.rb new file mode 100644 index 0000000..ed7489c --- /dev/null +++ b/.env.rb @@ -0,0 +1,3 @@ + +ENV["APP_SESSION_SECRET"] ||= "x3UUSSxLjgP62TOxfIOdf7dhXnOdLiN2kE0K+nB7TA0LsRTpSxhf8Om9cRUYGYQxUMhzIBeZ3KtOLo3cXlSfdg==" +# generated with: ruby -rsecurerandom -e 'puts SecureRandom.base64(64).inspect' diff --git a/app.rb b/app.rb index 6e67653..096b0b4 100644 --- a/app.rb +++ b/app.rb @@ -10,11 +10,9 @@ require_relative 'models/assistant' # Listing large language models (aka "Assistants") class App < Roda plugin :render, escape: true - plugin :route_csrf + plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET') route do |r| - # check_csrf! - r.root do @page_title = 'Assistants List' @subtitle = 'All Assistants in Database' diff --git a/config.ru b/config.ru index c9fa468..b1cf08d 100644 --- a/config.ru +++ b/config.ru @@ -1,3 +1,4 @@ -require "./app" +require './.env' if File.exist?('.env.rb') +require './app' run App.freeze.app diff --git a/views/edit.erb b/views/edit.erb index b147d9a..d140737 100644 --- a/views/edit.erb +++ b/views/edit.erb @@ -15,8 +15,6 @@ <% end %> - -
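Review bot: The new `.env.rb` commits a literal `APP_SESSION_SECRET` value into the repository, so anyone with read access to the history can mint valid session cookies; the `File.exist?` guard added in config.ru suggests this file was meant to be a local, untracked override rather than a tracked one. Treat the committed value as compromised: generate a fresh secret per environment, add `.env.rb` to `.gitignore`, and commit a template such as `.env.rb.example` containing `ENV["APP_SESSION_SECRET"] ||= "<GENERATE-WITH-SECURERANDOM>"` in its place. The leading blank line and the missing `# frozen_string_literal: true` header are minor style points on the same file.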
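Review bot: `plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET')` passes `nil` as the secret when the variable is unset, so the app fails at boot with a plugin-level error instead of a message naming the missing configuration; `plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET') || raise('APP_SESSION_SECRET is not set')` makes the cause obvious (Roda also requires the secret to be at least 64 bytes, which the SecureRandom.base64(64) value in .env.rb satisfies). Removing `plugin :route_csrf` in the same hunk drops CSRF protection entirely, even though the sessions plugin being added is what the route_csrf token needs to persist between requests; if that was the original failure, keeping `plugin :route_csrf` and `check_csrf!` alongside the new sessions line would likely resolve it, though the hunk alone cannot confirm that. The `route` block continues outside the hunk.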
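Review bot: `require './.env' if File.exist?('.env.rb')` resolves both the existence check and the require against the process working directory, so starting the server from another directory or under a process manager with a different cwd silently skips the file and the app then boots without a session secret. Anchor both on the file's own location: `env_file = File.join(__dir__, '.env.rb')` followed by `require env_file if File.exist?(env_file)`. Because the load is optional, a missing file gives no hint that `APP_SESSION_SECRET` must then be supplied by the real environment; a short comment on that line saying so would spare the next reader a confusing startup failure.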