jeremyevans/roda

`require’: cannot load such file -- rack/csrf

Closed this issue · 4 comments

Hello, it looks like there's a missing dependency when using csrf plugin

.rbenv/versions/2.6.4/lib/ruby/gems/2.6.0/gems/roda-3.24.0/lib/roda/plugins/csrf.rb:3:in `require’: cannot load such file -- rack/csrf
janko commented

You need to add the rack_csrf gem to your Gemfile. Roda does not depend on it because it's not a mandatory dependency (it's only needed by the csrf plugin).

Note that the it's recommended to use the route_csrf plugin instead, which is more secure and doesn't depend on any external gems.

Maybe its just worth mentioning it in plugin's readme...

btw: rodauth is using this plugin by default...

The csrf plugin module documentation does mention that it uses rack_csrf. I'm certainly open to expanding the documentation if you think it would be beneficial. Please submit a pull request for that if so.